Top 10 web hacking techniques of 2018 - nominations open

James Kettle

Director of Research

@albinowax


Update: voting is now live. Please head over and place your vote.

Nominations are now open for the top 10 new web hacking techniques of 2018.

Every year countless security researchers share their findings with the community. Whether they're elegant attack refinements, empirical studies, or entirely new techniques, many of them contain innovative ideas capable of inspiring new discoveries long after publication.

And while some inevitably end up on stage at security conferences, others are easily overlooked amid a sea of overhyped disclosures, and doomed to fade into obscurity.

As such, each year we call upon the community to help us seek out, distil, and preserve the very best new research for future readers.

As with last year, we’ll do this in three phases:

Last year we decided to prevent conflicts of interest by excluding PortSwigger research, but found the diverse voting panel meant we needed a better system. We eventually settled on disallowing panelists from voting on research they’re affiliated with, and adjusting the final scores to compensate. This approach proved fair and effective, so having checked with the community we'll no longer exclude our own research.

To nominate a piece of research, either use this form or reply to this Twitter thread.

Feel free to make multiple nominations, and nominate your own research, etc. It doesn't matter whether the submission is a blog post, whitepaper, or presentation recording - just try to submit the best format available. If you want, you can take a look at past years’ top 10 to get an idea for what people feel constitutes great research.

You can find previous years' results here:

2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016/17.

Nominations so far

Here are the nominations so far. We're making offline archives of them all as we go, so we can replace any that go missing in future. I'll do a basic quality filter before the community vote starts.
