Top 10 Web Hacking Techniques 2021 – Nominations Open


Nominations are now open for the top 10 new web hacking techniques of 2021!

Every year, security researchers share their findings in blog posts, presentations, and white papers. Each write-up is valuable, but some contain something special – innovative ideas and techniques that can be re-applied elsewhere. Since 2006, the security community has come together annually to sift through the results of the year and uncover the top ten research results selected for their innovation and lasting impact. We at PortSwigger Research are proud to be hosting this again.

If this is your first time coming across this project, you can find its full origin, history and purpose on our dedicated Top 10 page, along with an archive of previous winners and an explanation of how it differs from related projects like the OWASP Top 10.


Today: Start collecting community nominations for the top research from 2021.
January 17th: Start the community voting to shortlist the top 15.
January 24th: Start the panel vote using the shortlist to select and order the 10 finalists.
February 08: Publish the top 10 of 2021!

What should I nominate?

The aim is to highlight research that contains novel, practical techniques that can be re-applied to different systems. Individual vulnerabilities such as Log4Shell are currently valuable, but tend to age poorly, while underlying techniques such as JNDI Injection can be re-applied to great effect. Nominations can also be refinements of already known attack classes, such as Exploiting XXE with Local DTD Files. For more examples, it might be helpful to look at last year’s top 10.

Making a nomination

To submit, simply include a URL to the research and an optional short comment explaining what’s new about the work. Feel free to make as many nominations as you’d like, and nominate your own research if you think it’s worth it! I’ll filter out weaker nominations and merge overlapping nominations to keep the total manageable.

Click here to make a nomination

We don’t collect email addresses – to be notified when the voting phase starts, follow @PortSwiggerRes on Twitter.

Previous nominations

I made a few nominations myself to get things rolling:
