
Jeremiah Grossman, the Chief Technology Officer of WhiteHat Security, has officially announced the results of the Top 10 Web Hacks of 2007 poll. Here is the list:
- XSS Vulnerabilities in Common Shockwave Flash Files
- Universal XSS in Adobe’s Acrobat Reader Plug-in
- Firefox’s JAR: Protocol Issue(s)
- Cross Site Printing (Printer Spamming)
- Hiding JavaScript in Valid Images
- Firefoxurl URI Handler Flaw
- Anti-DNS Pinning (DNS Rebinding)
- Google Gmail – Email Hijack Technique
- PDF XSS can Compromise Your Machine
- Port Scanning without JavaScript
“From quite a lot of techniques listed on his blog, XSS and its variants (such as Cross Site Printing) are still occupying several positions in the Top 10 rank for the most popular techniques – even the best 2 positions. This will be quite significant evidence that Cross Site Scripting (XSS) and its variants CSRF (Cross Site Request Forgery) and Cross Site Printing (probably abbreviated as XSP) are dangerous and can be found anywhere,” Th0R said.
XSS and/or CSRF are one of the biggest security issues. But somehow, I don’t know why, they are OVERLOOKED by most Indonesian techies and security experts. As we can see on most forums, mailing lists, and other communities in Indonesia, they RARELY talk about XSS and CSRF. Pity~




But we talk about them a lot lately, don’t we? ^^