TTPwire Vol. 1 · MITRE ATT&CK · Tagged

PortSwigger Research

Top 10 web hacking techniques of 2024

2025-02-04

ATT&CK techniques detected

4 predictions
T1588.006 Vulnerabilities
75%
"top 10 web hacking techniques of 2024 research academy my account customers about blog careers legal contact resellers attack surface visibility improve security posture, prioritize manual testing, free up time. ci - driven scanning more proactive security - find and fix vulnerab…"
T1539 Steal Web Session Cookie
67%
"##onsequential subdomain. cookies predate the same - origin policy that governs javascript, and this research shows that in spite of decades of security - bodges from httponly to samesite, they ' re still a hazard. maybe it would be safer just to use localstorage for session toke…"
T1190 Exploit Public-Facing Application
62%
"process. it ' s always a sign of great research when something that seems like it should be fundamental platform knowledge pops up and takes everyone by surprise. we expect to see more discoveries in this area, and after catching this talk live at black hat europe i pushed automa…"
T1588.006 Vulnerabilities
62%
"##scribe to our rss, join r / websecurityresearch, hop on our discord, or follow us on social. if you ' re interested in doing this kind of research yourself, i ' ve shared a few lessons i ' ve learned over the years in hunting evasive vulnerabilities, how to choose a security re…"

Summary

Welcome to the Top 10 Web Hacking Techniques of 2024, the 18th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year.