Security Weekly Podcast Network (Audio)

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

Feb 18, 2025

Dive into the captivating realm of web hacking as industry expert James Kettle reveals the top 10 techniques for 2024. Discover why enduring flaws like XSS and SQL injection remain prevalent, despite new technologies like HTTP/3 and WebAssembly emerging. Uncover innovative approaches, including advanced SQL injection and cookie manipulation. The conversation also highlights the exciting intersection of AI and web vulnerability research, showcasing how tools like Shadow Repeater transform manual testing. Engage with the thrill of hacking and the crucial role of ongoing research in cybersecurity.

44:57

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The resurgence of SQL injection through innovative methods underscores the adaptability of legacy attack techniques in modern web frameworks.

Shifting to session storage from traditional cookie management could significantly enhance security by addressing inherent vulnerabilities in cookie systems.

Deep dives

The Impact of SQL Injection Techniques

One of the most surprising findings in this year's top web hacking techniques is the resurgence of SQL injection methods, specifically through a novel approach called 'muggling queries at the protocol level'. This technique highlights how attackers can exploit binary protocols to perform SQL injections, effectively bypassing traditional safeguards. By targeting the intricacies of database drivers and assuming their security, hackers reveal vulnerabilities overlooked by many. This innovative thinking showcases the potential for older attack methods to be adapted and reimagined within modern frameworks.

Intro

4min

Innovations in Web Hacking Techniques

16min

Navigating the World of Web Hacking

5min

Innovations in Web Security Research

5min

Navigating Cybersecurity Vulnerabilities

9min

The Intersection of AI and Web Vulnerability Research

3min

The Thrill and Complexity of Hacking

2min

We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after year and how clever research is still finding new attack surfaces in old technologies. But there's a lot of new web technology still to be examined, from HTTP/2 and HTTP/3 to WebAssembly.

Segment Resources:

Top 10, 2024: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
Full nomination list: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024-nominations-open
Project overview: https://portswigger.net/research/top-10-web-hacking-techniques

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-318

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Weekly Podcast Network (Audio)

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Impact of SQL Injection Techniques

The Vulnerability of Cookies and Session Storage

Complexity in Web Architecture: A Double-Edged Sword

Encouraging Innovation in Security Research

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Security Weekly Podcast Network (Audio)

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Impact of SQL Injection Techniques

The Vulnerability of Cookies and Session Storage

Complexity in Web Architecture: A Double-Edged Sword

Encouraging Innovation in Security Research

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights