Palo Alto, CA – February 28, 2013 – WhiteHat Security has recently published the Top 10 Hacking Techniques of 2012. This is the seventh time that security experts led by Jeremiah Grossman have chosen the most interesting new web application attacks. This year, the contest received 60 submissions in total; 15 of them were chosen for phase 2 in an open community vote, and a panel of security experts then chose the top 10.
Juliano Rizzo and Thai Duong took first place with CRIME, their new attack on SSL/TLS, which has been widely discussed in the media (this is the third time they have won the contest). Second place went to ERPScan and SSRF attacks, which were also widely covered in the news after Alexander Polyakov presented them at BlackHat USA, followed by RSA and POC.
The SSRF attack has also been officially added to CWE. It is now weakness number 918 and a subtype of Unintended Proxy or Intermediary / Confused Deputy.