Top Ten Web Hacking Techniques of 2012 by Jeremiah Grossman.
From the post:
Every year the security community produces a stunning amount of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, here we are solely focused on new and creative methods of Web-based attack. Now in its seventh year, The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work. Past Top Tens and the number of new attack techniques discovered in each year: 2006 (65), 2007 (83), 2008 (70), 2009 (82), 2010 (69), 2011 (51)
The comments have useful material as well.
I first saw this in a post by Ajay Ohri, Hacking for Beginners- Top Website Hacks. Ajay points to a favorite hacking presentation from 2002: Top Ten Web Attacks.
I haven’t looked, but I suspect a majority of the 2002 top ten still work.
Or at least still work on some sites.
That’s where a topic map of vulnerabilities to sites would come in handy, either to make the case for plugging the holes or for other uses.