Published: 05 January 2021 at 14:01 UTC
Updated: 24 February 2021 at 15:37 UTC
Update: The top ten is now out!
Nominations are now open for the top 10 new web hacking techniques of 2020!
2020 was not an ideal year for many of us, but that didn't stop the security community from sharing a broad array of novel research ranging from creative iterations on existing work to entirely new attack concepts. Keeping up with this flood of posts can be exhausting in the best of times, so every year we collaborate with the community to first identify all the key research releases, then whittle the list down to the top ten must-see new techniques. Take a look at last year's top 10 to see what this looks like. For researchers, the nomination list is also a valuable asset - check out 2019's superb nomination list.
We'll follow the same battle-tested process as usual:
Everyone is welcome to nominate a piece of research; just use the nomination form.
Feel free to nominate your own research if you think it's worthy. We know too well that some quality work gets overlooked just because it isn't social-media optimized.
We love to see all kinds of security knowledge being shared, but we're aiming to list only posts that contain a novel technique, idea or concept that can be reapplied elsewhere. As such, just like last year, I will enforce a minimum quality bar to prevent the nomination list from being flooded with posts that merely show the application of a technique that's already been publicly documented. If you're looking for techniques that have been around a while but won't go away, check out the OWASP Top Ten.
If you're interested in hearing about novel techniques the moment they come out, you can follow @PortSwiggerRes on Twitter, or subscribe to r/websecurityresearch. I've used these sources to make a few nominations to get things started. This list will get updated regularly during the nomination phase.
Finally, here's the complete list of past years' top 10s:
Nominations so far: