Clickjacking Vulnerability and Countermeasures

A. Sankara Narayanan Published in Security

International Journal of Applied Information Systems
Year of Publication: 2012
© 2012 by IJAIS Journal
10.5120/ijais12-450793
  1. Sankara A Narayanan. Article: Clickjacking Vulnerability and Countermeasures. International Journal of Applied Information Systems 4(7):7-10, December 2012. BibTeX

    @article{key:article,
    	author = "A. Sankara Narayanan",
    	title = "Article: Clickjacking Vulnerability and Countermeasures",
    	journal = "International Journal of Applied Information Systems",
    	year = 2012,
    	volume = 4,
    	number = 7,
    	pages = "7-10",
    	month = "December",
    	note = "Published by Foundation of Computer Science, New York, USA"
    }
    

Abstract

Clickjacking is a web framing attack that has recently received wide media coverage. Web framing attacks such as clickjacking use iframes to hijack a user's web session. In a clickjacking attack, a malicious page is constructed so that it tricks victims into clicking on an element of a different page that is barely visible or not visible at all. This paper discusses the basic clickjacking vulnerabilities and countermeasures. It also presents a clickjacking tool and online clickjacking sample web pages. Although clickjacking has been the subject of many discussions and reports, it is currently unclear to what extent clickjacking is being used by attackers in the wild, and how significant the attack is for the security of Internet users. Security experts describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

Keywords

Clickjacking, ClickIDS, Web Security, Browser Plug-in