Insights on 2025 Web Hacking Techniques and LLM Impact for 2026

Severity: Low (Score: 39.7)

Sources: blog.pypi.org, Scworld

Summary

James Kettle from PortSwigger discusses the top web hacking techniques of 2025 and anticipates the influence of large language models (LLMs) on future vulnerabilities. He emphasizes the importance of having a robust toolchain for vulnerability research and highlights the educational value of reviewing code changes that fix vulnerabilities. Kettle reflects on a recent breach where an employee inadvertently granted excessive permissions, raising concerns about access control to sensitive systems. He notes the need for improved security measures without compromising user experience. The article also hints at Kettle's upcoming presentation at Black Hat USA, where he will delve deeper into these topics. The discussion includes the significance of understanding the classes of vulnerabilities identified in recent research, particularly those related to LLM-generated patches.

Key Points:

  • James Kettle discusses the top web hacking techniques of 2025 and LLMs' future impact.
  • A recent breach highlights the risks of poor access control and excessive permissions.
  • Kettle emphasizes the need for robust tools and educational resources in vulnerability research.

Key Entities

  • Cross-Site Scripting (XSS) (mitre_attack)
  • Phishing (attack_type)
  • SQL Injection (attack_type)
  • XSS (vulnerability)
  • HTTP Desync Attacks (vulnerability)
  • HTTP Request Smuggling (vulnerability)
  • Server-Side Template Injection (vulnerability)
  • Web Cache Poisoning (vulnerability)
  • CWE-22 - Path Traversal (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • CWE-78 - OS Command Injection (cwe)
  • CWE-79 - Cross-site Scripting (XSS) (cwe)
  • CodeQL (tool)
  • Python (tool)
  • Backslash Powered Scanner (tool)
  • Burp Collaborator (tool)
  • Burp Suite (tool)
  • JWT (platform)
  • OIDC (platform)
  • PyJWT (platform)
  • Redis (platform)
  • Web Security Academy (platform)