We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Top 10 web hacking techniques of 2010 revealed

Biggest attack goes after Microsoft's ASP.NET Web framework

We look at the 10 worst web hacking techniques that appeared during 2010 to cause havoc.

4. Attacking HTTPS with Cache Injection

Injection of malicious Java script libraries into a browser cache enables attackers to compromise websites protected by SSL. This will work until the cache is cleared. Nearly half the top one million websites use external Java script libraries. (Crated by Elie Bursztein, Baptiste Gourdin and Dan Boneh.)

5. Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution

Gets around cross site request forgery defenses and tricks victims into revealing their email IDs. Using these, the attackers can reset the victim's passwords and gain access to their accounts. (Created by Lavakumar Kuppan.)

6. Universal XSS in IE8

Internet Explorer 8 has cross-site scripting protections that this exploit can circumvent and allow web pages to be rendered improperly in a potentially malicious manner.


HTTP POST headers are sent to servers to let them know how much data is being sent, then the data is sent very slowly, eating up the servers' resources. When many of these are sent simultaneously, the servers are overwhelmed. (Created by Wong Onn Chee and Tom Brennan.)

8. JavaSnoop

A Java agent attached to the target machine communicates with the JavaSnoop tool to test applications on the machine for security weaknesses. This could be a security tool or a hacking tool, depending on the user's mindset. (Created by Arshan Dabirsiagh.)

9. CSS History Hack in Firefox without JavaScript for Intranet Port Scanning

Cascading style sheets, used to define the presentation of HTML, can be used to grab browser histories as victims visit websites. The history information can be used to set the victim up for phishing attacks. (Created by Robert 'RSnake' Hansen.)

10. Java Applet DNS Rebinding

A pair of Java applets direct a browser to a pair of attacker controlled websites, forcing the browser to bypass its DNS cache and so make it susceptible to an NDS rebinding attack . (Created by Stefano Di Paola.)

See also: 2010's biggest internet security stories

  1. Microsoft's ASP.NET web framework in the firing lines
  2. Attacking HTTPS

IDG UK Sites

What is Google Photos? How to back up and share all of your photos for free

IDG UK Sites

Why I think the Apple Watch sucks and you'd be mad to buy it

IDG UK Sites

Swatch launches a colourful smartwatch

IDG UK Sites

New Apple TV 2015 release date rumours: TV streaming service delayed, hand gesture interface being...