The verdict is in! Following 37 nominations whittled down to a shortlist of 15 by a community vote, our panel of experts has conferred and selected the top 10 web hacking techniques of 2017 (and 2016).
The panel consisted of myself and distinguished researchers Gareth Heyes, Nicolas Grégoire, Frans Rosén, and Soroush Dalili. Our objective is to spread awareness of the techniques, and also help prevent them from being forgotten in coming years. As such, we’ve evaluated the 15 nominees by how innovative, widespread and impactful the findings are, and how long they will continue to be relevant. The top three results in particular are unanimously regarded as must-read articles by the entire panel.
We initially decided to prevent conflicts of interest by excluding PortSwigger research, but after we decided to have a broad voting panel it became clear we needed a better system. We eventually settled on disallowing panelists from voting on research they’re affiliated with, and adjusting the final scores to compensate. Of course, by then it was too late to reintroduce PortSwigger research, so we’ll never know what the likes of Cracking the Lens and XSS without HTML would have scored.
We’ll run through the results starting at 10th place and building towards the best research of the year: