Top 10 web hacking techniques of 2025

This title could be clearer and more informative.Try out Clickbait Shieldfor free (5 uses left this month).

The 19th annual community-powered Top 10 Web Hacking Techniques list for 2025 is out, curated by an expert panel from 63 community nominations. The top spot goes to new error-based code injection and SSTI techniques by Vladislav Korchagin, with #2 going to ORM leak methodology by Alex Brown. Other highlights include a blind

#vulnerability

#web-security

Feb 22•6m read time• From portswigger.net

Table of contents

James Kettle 10 - Parser Differentials: When Interpretation Becomes a Vulnerability 9 - Playing with HTTP/2 CONNECT 8 - XSS-Leak: Leaking Cross-Origin Redirects 7 - Next.js, cache, and chains: the stale elixir 6 - Cross-Site ETag Length Leak 5 - SOAPwn: Pwning .NET Framework Apps Through HTTP Client Proxies And WSDL 4 - Lost in Translation: Exploiting Unicode Normalization 3 - Novel SSRF Technique Involving HTTP Redirect Loops 2 - ORM Leaking More Than You Joined For 1 - Successful Errors: New Code Injection and SSTI Techniques Conclusion

Comment

Bookmark

Copy

Sort: