Security Weekly Podcast Network (Audio)

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

Feb 18, 2025
Dive into the captivating realm of web hacking as industry expert James Kettle reveals the top 10 techniques for 2024. Discover why enduring flaws like XSS and SQL injection remain prevalent, despite new technologies like HTTP/3 and WebAssembly emerging. Uncover innovative approaches, including advanced SQL injection and cookie manipulation. The conversation also highlights the exciting intersection of AI and web vulnerability research, showcasing how tools like Shadow Repeater transform manual testing. Engage with the thrill of hacking and the crucial role of ongoing research in cybersecurity.
ANECDOTE

Favorite Technique

  • James Kettle's favorite web hacking technique of 2024 was SQL injection by manipulating queries at the protocol level.
  • This involved exploiting binary protocols and length fields, surprising everyone.
INSIGHT

Overlooked Attack Surface

  • This SQL injection technique targets the often overlooked attack surface of database drivers and their binary protocols.
  • It highlights how assumptions about the security of underlying systems can be dangerous.
INSIGHT

Cookie Insecurity

  • Cookie-based authentication is fundamentally flawed because it predates the same-origin policy.
  • This makes cookies susceptible to various attacks, even with mitigations like the HttpOnly and SameSite flags.
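The snip above names the usual cookie mitigations but not how to check for them. The following is an added example, not code from the episode or from James Kettle, that parses Set-Cookie header values and reports which hardening attributes are absent. The header strings are constructed sample values, and the attribute names checked (Secure, HttpOnly, SameSite, the __Host- prefix) are the standard ones; a cookie that passes every check is still attached automatically by the browser, which is exactly the limitation the snip describes.

```python
"""Audit Set-Cookie headers for missing hardening attributes.

Added example (not from the podcast): reports which of Secure, HttpOnly,
SameSite and the __Host- prefix a cookie lacks. Passing every check does
not make a cookie safe, it only removes the well-known footguns.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class CookieAudit:
    name: str
    secure: bool
    http_only: bool
    same_site: Optional[str]          # "Strict", "Lax", "None", or None if absent
    host_prefix: bool                 # name starts with "__Host-"
    findings: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> CookieAudit:
    """Parse one Set-Cookie value: name=value; Attr; Attr=val ..."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()   # attribute names are case-insensitive
    same_site = attrs.get("samesite")
    if same_site is not None:
        same_site = same_site.capitalize()           # normalise "lax" -> "Lax"
    return CookieAudit(
        name=name,
        secure="secure" in attrs,
        http_only="httponly" in attrs,
        same_site=same_site,
        host_prefix=name.startswith("__Host-"),
    )


def audit_cookie(header: str) -> CookieAudit:
    """Attach a finding for each missing or misused mitigation."""
    c = parse_set_cookie(header)
    if not c.secure:
        c.findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if not c.http_only:
        c.findings.append("missing HttpOnly: readable from script, so XSS can exfiltrate it")
    if c.same_site is None:
        c.findings.append("missing SameSite: behaviour depends on the browser default")
    elif c.same_site == "None" and not c.secure:
        c.findings.append("SameSite=None without Secure: Chromium-based browsers reject it")
    if not c.host_prefix:
        c.findings.append("no __Host- prefix: can be shadowed by a cookie set from a subdomain")
    return c


def audit_all(headers: List[str]) -> Dict[str, List[str]]:
    """Map cookie name -> findings for a batch of Set-Cookie values."""
    return {a.name: a.findings for a in (audit_cookie(h) for h in headers)}


# Constructed sample headers (not captured from any real site).
SESSION_HEADERS = [
    "session=abc123; Path=/",
    "session=abc123; Secure; HttpOnly; SameSite=Lax; Path=/",
    "__Host-session=abc123; Secure; HttpOnly; SameSite=Strict; Path=/",
]

if __name__ == "__main__":
    for name, findings in audit_all(SESSION_HEADERS).items():
        print(name, "->", findings or "no findings")
```

Run it against the constructed headers and the first cookie collects four findings, the second only the missing __Host- prefix, and the third none. Use the output as a review checklist, not as proof of safety: the episode's point is that a correctly flagged cookie is still ambient authority the browser attaches on the server's behalf.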