2017 From: https://portswigger.net/research/top-10-web-hacking-techniques
Every year, numerous security researchers choose to share their findings with the community through conference presentations, blog posts, whitepapers, videos, and even simple disclosures. This is great, but the sheer volume and diversity means understated discoveries from aspiring researchers can be overlooked. Even flashy vulnerabilities eventually get eclipsed and forgotten, as people chase after the next shiny logo. While well-established risks are tracked by the OWASP Top Ten and Testing Guide, new threats are easily lost.
Since 2006, Jeremiah Grossman and Matt Johansen have annually collaborated with the infosec community to pick the top 10 web hacking techniques of each year. This has been invaluable in drawing deserved attention to the most exciting and innovative research to have come out of the community.
This collaboration has produced two indispensable resources every year - a refined selection of ten must-read publications relevant to everyone in web security, and a vast list of research for other would-be researchers.
Beginning life on Jeremiah’s blog, then moving to WhiteHat’s in 2011, this project unfortunately stopped in 2015. However, we believe it’s needed now more than ever. In 2017, we at PortSwigger decided to pick up the torch.
Since then, we've teamed up with the community and a cross-company panel of experts to select the year's most innovative, must-read pieces of research.
2006 From: https://blog.jeremiahgrossman.com/2006/12/top-10-web-hacks-of-2006.html
Attacks always get better, never worse. That's probably what I'll remember most about 2006. What a year it's been in web hacking! There's never been such a big leap forward in the industry and frankly it's really hard to keep up. My favorite quote came today from Kryan:
“The last quarter of this year, RSnake and Jeremiah pretty much destroyed any security we thought we had left. Including the “I’ll just browse without javascript” mantra. Could you really call that browsing anyways?”
To look back on what's been discovered, RSnake, Robert Auger, and myself collected as many of the new 2006 web hacks as we could find. We're using the term "hacks" loosely to describe some of the more creative, useful, and interesting techniques/discoveries/compromises. There were about 60 to choose from, making the selection process REALLY difficult. After much email deliberation we believe we created a solid Top 10. Below you'll find the entire list in no particular order. Enjoy!