OAuth ‘masterclass’ crowned top web hacking technique of 2022

Detectify founder, Frans Rosén, was awarded PortSwigger’s top web hacking method of 2022 for his research on account hijacking using OAuth quirks in sign-in flows. PortSwigger’s director, James Kettle, said the research identified issues often dismissed for lacking significant security impact. Kettle himself clinched second place for his work on HTTP request smuggling, while Google’s Simon Scannell secured third place for identifying a cache injection vulnerability in Zimbra’s webmail.