https://www.whitehatsec.com/resource/grossmanarchives/12grossmanarchives/022112topten2011.html
The top 10:
- BEAST (by: Thai Duong and Juliano Rizzo)
- Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java (by: Johannes Dahse)
- DNS poisoning via Port Exhaustion (by: Roee Hay and Yair Amit)
- DOMinator – Finding DOMXSS with dynamic taint propagation (by: Stefano Di Paola)
- Abusing Flash-Proxies for client-side cross-domain HTTP requests (by: Martin Johns and Sebastian Lekies)
- Expression Language Injection (by: Stefano Di Paola and Arshan Dabirsiaghi)
- Java Applet Same-Origin Policy Bypass via HTTP Redirect (by: Neal Poole)
- CAPTCHA Hax With TesserCap (by: Gursev Kalra)
- Bypassing Chrome’s Anti-XSS filter (by: Nick Nikiforakis)
- CSRF: Flash + 307 redirect = Game Over (by: Phillip Purviance)