Update 02.14.2011: Open voting for the final 15 is now underway. Vote Now!This post will serve to collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them."Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work."Current 2011 List
Previous Winners2010 - 'Padding Oracle' Crypto Attack2009 - Creating a rogue CA certificate2008 - GIFAR2007 - XSS Vulnerabilities in Common Shockwave Flash Files2006 - Web Browser Intranet Hacking / Port Scanning