We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after year and how clever research is still finding new attack surfaces in old technologies. But there's a lot of new web technology still to be examined, from HTTP/2 and HTTP/3 to WebAssembly.

Segment Resources:

• Top 10, 2024: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024
• Full nomination list: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024-nominations-open
• Project overview: https://portswigger.net/research/top-10-web-hacking-techniques

Show Notes: https://securityweekly.com/asw-318