Update: voting is now live. Please head over and place your vote.

Nominations are now open for the top 10 new web hacking techniques of 2018.

Every year countless security researchers share their findings with the community. Whether they're elegant attack refinements, empirical studies, or entirely new techniques, many of them contain innovative ideas capable of inspiring new discoveries long after publication.

And while some inevitably end up on stage at security conferences, others are easily overlooked amid a sea of overhyped disclosures, and doomed to fade into obscurity.

As such, each year we call upon the community to help us seek out, distil, and preserve the very best new research for future readers.

As with last year, we’ll do this in three phases:

  • Jan 1st: Start to collect community nominations
  • Jan 21st: Launch community vote to build shortlist of top 15
  • Feb 11th: Panel vote on shortlist to select final top 10

Last year we decided to prevent conflicts of interest by excluding PortSwigger research, but found the diverse voting panel meant we needed a better system. We eventually settled on disallowing panelists from voting on research they’re affiliated with, and adjusting the final scores to compensate. This approach proved fair and effective, so having checked with the community we'll no longer exclude our own research.

To nominate a piece of research, either use this form or reply to this Twitter thread.

Feel free to make multiple nominations, and nominate your own research, etc. It doesn't matter whether the submission is a blog post, whitepaper, or presentation recording - just try to submit the best format available. If you want, you can take a look at past years’ top 10 to get an idea for what people feel constitutes great research.

You can find previous years' results here:

2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016/17.

Nominations so far

Here are the nominations so far. We're making offline archives of them all as we go, so we can replace any that go missing in future. I'll do a basic quality filter before the community vote starts.