This post will serve to
collect new attack techniques as they are published. If you think something should be added, please comment below and I'll add them.
"Every year the Web security community produces a stunning amount of new hacking techniques published in various white papers, blog posts, magazine articles, mailing list emails, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and so on. Beyond individual vulnerability instances with CVE numbers or system compromises, we're talking about actual new and creative methods of Web-based attack. The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes researchers who contribute excellent work."
Current 2011 List
- Bypassing Flash’s local-with-filesystem Sandbox
- Abusing HTTP Status Codes to Expose Private Information
- SpyTunes: Find out what iTunes music someone else has
- CSRF: Flash + 307 redirect = Game Over
Previous Winners
2010 - 'Padding Oracle' Crypto Attack
2009 - Creating a rogue CA certificate
2008 - GIFAR
2007 - XSS Vulnerabilities in Common Shockwave Flash Files
2006 - Web Browser Intranet Hacking / Port Scanning
Source: jeremiahgrossman.blogspot.com