"Si piensas que la tecnología puede solucionar tus problemas de seguridad, está claro que ni entiendes los problemas ni entiendes la tecnología"
-- Bruce Schneier

1. Abusing Flash-Proxies for client-side cross-domain HTTP requests [slides]
2. Abusing HTTP Status Codes to Expose Private Information
3. Autocomplete..again?!
4. BEAST
5. Bypassing Chrome’s Anti-XSS filter
6. Bypassing Flash’s local-with-filesystem Sandbox
7. CAPTCHA Hax With TesserCap
8. CSRF with JSON – leveraging XHR and CORS
9. CSRF: Flash + 307 redirect = Game Over
10. Close encounters of the third kind (client-side JavaScript vulnerabilities)
11. Cookiejacking
12. Cross domain content extraction with fake captcha
13. Crowd-sourcing mischief on Google Maps leads customers astray
14. DNS poisoning via Port Exhaustion
15. DOMinator – Finding DOMXSS with dynamic taint propagation
16. Double eval() for DOM based XSS
17. Drag and Drop XSS in Firefox by HTML5 (Cross Domain in frames)
18. Excel formula injection in Google Docs
19. Exploitation of “Self-Only” Cross-Site Scripting in Google Code
20. Exploiting the unexploitable XSS with clickjacking
21. Expression Language Injection
22. Facebook: Memorializing a User
23. Filejacking: How to make a file server from your browser (with HTML5 of course)
24. Google Chrome/ChromeOS sandbox side step via owning extensions
25. HOW TO: Spy on the Webcams of Your Website Visitors
26. Hidden XSS Attacking the Desktop & Mobile Platforms
27. How To Own Every User On A Social Networking Site
28. How to get SQL query contents from SQL injection flaw
29. How to upload arbitrary file contents cross-domain (2)
30. JSON-based XSS exploitation
31. Java Applet Same-Origin Policy Bypass via HTTP Redirect
32. Kindle Touch (5.0) Jailbreak/Root and SSH
33. Launch any file path from web page
34. Lotus Notes Formula Injection
35. Multiple vulnerabilities in Apache Struts2 and property oriented programming with Java
36. NULLs in entities in Firefox
37. Rapid history extraction through non-destructive cache timing (v8)
38. Session Puzzling (aka Session Variable Overloading) Video 1, 2, 3, 4
39. SpyTunes: Find out what iTunes music someone else has
40. Stealth Cookie Stealing (new XSS technique)
41. Stripping Referrer for fun and profit
42. SurveyMonkey: IP Spoofing
43. Temporal Session Race Conditions Video 2
44. Text-based CAPTCHA Strengths and Weaknesses
45. The Failure of Noise-Based Non-Continuous Audio Captchas
46. Timing Attacks on CSS Shaders
47. Tracking users that block cookies with a HTTP redirect
48. Using Cross-domain images in WebGL and Chrome 13
49. XSS in Skype for iOS
50. XSS-Track as a HTML5 WebSockets traffic sniffer