Top 10 web hacking techniques of 2010 revealed

Biggest attack goes after Microsoft's ASP.NET Web framework

We look at the 10 worst web hacking techniques that appeared during 2010 to cause havoc.

4. Attacking HTTPS with Cache Injection

Injection of malicious JavaScript libraries into a browser cache enables attackers to compromise websites protected by SSL. This will work until the cache is cleared. Nearly half the top one million websites use external JavaScript libraries. (Created by Elie Bursztein, Baptiste Gourdin and Dan Boneh.)

5. Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution

Gets around cross-site request forgery defenses and tricks victims into revealing their email IDs. Using these, the attackers can reset the victim's passwords and gain access to their accounts. (Created by Lavakumar Kuppan.)

6. Universal XSS in IE8

Internet Explorer 8 has cross-site scripting protections that this exploit can circumvent, allowing web pages to be rendered improperly in a potentially malicious manner.


HTTP POST headers are sent to servers to let them know how much data is being sent, then the data is sent very slowly, eating up the servers' resources. When many of these are sent simultaneously, the servers are overwhelmed. (Created by Wong Onn Chee and Tom Brennan.)
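The slow-body pattern described above can be spotted on the server side by comparing the declared Content-Length with how fast the body is actually arriving. The following is an added example, not code from the article or from the researchers; the thresholds, the `PostConn` record and the sample connections are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed thresholds for illustration; tune them to real traffic.
MIN_BODY_RATE = 500.0      # bytes/second treated as the floor for a healthy upload
GRACE_SECONDS = 10.0       # do not judge connections younger than this
MAX_SLOW_PER_CLIENT = 3    # simultaneous slow POSTs tolerated per client


@dataclass
class PostConn:
    client: str            # source address
    content_length: int    # value declared in the request headers
    body_received: int     # body bytes received so far
    age: float             # seconds since the headers were completed


def is_slow(conn: PostConn) -> bool:
    """True when an unfinished POST body is arriving below the rate floor."""
    if conn.body_received >= conn.content_length:
        return False                       # body complete, nothing held open
    if conn.age < GRACE_SECONDS:
        return False                       # too early to judge
    return conn.body_received / conn.age < MIN_BODY_RATE


def clients_to_drop(conns: list[PostConn]) -> dict[str, int]:
    """Count slow open POSTs per client and return those over the limit."""
    slow = defaultdict(int)
    for c in conns:
        if is_slow(c):
            slow[c.client] += 1
    return {ip: n for ip, n in slow.items() if n > MAX_SLOW_PER_CLIENT}


# Constructed sample using documentation-range addresses, not real traffic.
SAMPLE = (
    [PostConn("192.0.2.10", 1_000_000, 40, 60.0) for _ in range(5)]  # many trickling bodies
    + [PostConn("198.51.100.7", 2_000_000, 1_500_000, 30.0)]         # large but fast upload
    + [PostConn("203.0.113.5", 4096, 100, 20.0)]                     # single slow client
    + [PostConn("192.0.2.10", 512, 512, 45.0)]                       # completed request
)

if __name__ == "__main__":
    print(clients_to_drop(SAMPLE))
```

A single slow client stays under the per-client limit, so a genuinely poor connection is not dropped; only a source holding many trickling requests open at once is reported.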

8. JavaSnoop

A Java agent attached to the target machine communicates with the JavaSnoop tool to test applications on the machine for security weaknesses. This could be a security tool or a hacking tool, depending on the user's mindset. (Created by Arshan Dabirsiaghi.)

9. CSS History Hack in Firefox without JavaScript for Intranet Port Scanning

Cascading style sheets, used to define the presentation of HTML, can be used to grab browser histories as victims visit websites. The history information can be used to set the victim up for phishing attacks. (Created by Robert 'RSnake' Hansen.)

10. Java Applet DNS Rebinding

A pair of Java applets direct a browser to a pair of attacker-controlled websites, forcing the browser to bypass its DNS cache and so making it susceptible to a DNS rebinding attack. (Created by Stefano Di Paola.)
