CFP last date
15 October 2024
Reseach Article

Clickjacking Vulnerability and Countermeasures

by A. Sankara Narayanan
International Journal of Applied Information Systems
Foundation of Computer Science (FCS), NY, USA
Volume 4 - Number 7
Year of Publication: 2012
Authors: A. Sankara Narayanan
10.5120/ijais12-450793

A. Sankara Narayanan . Clickjacking Vulnerability and Countermeasures. International Journal of Applied Information Systems. 4, 7 ( December 2012), 7-10. DOI=10.5120/ijais12-450793

@article{ 10.5120/ijais12-450793,
author = { A. Sankara Narayanan },
title = { Clickjacking Vulnerability and Countermeasures },
journal = { International Journal of Applied Information Systems },
issue_date = { December 2012 },
volume = { 4 },
number = { 7 },
month = { December },
year = { 2012 },
issn = { 2249-0868 },
pages = { 7-10 },
numpages = {9},
url = { https://www.ijais.org/archives/volume4/number7/368-0793/ },
doi = { 10.5120/ijais12-450793 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-07-05T10:47:39.367114+05:30
%A A. Sankara Narayanan
%T Clickjacking Vulnerability and Countermeasures
%J International Journal of Applied Information Systems
%@ 2249-0868
%V 4
%N 7
%P 7-10
%D 2012
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Clickjacking is a web framing attack that has recently received wide media coverage. Web framing attacks such as clickjacking use iframes to hijack a user's web session. In a clickjacking attack, a malicious page is constructed such that it tricks victims into clicking on an element of a different page that is only just or not at all visible. This paper will discuss the basic clickjacking vulnerabilities and countermeasures. This will also show that Clickjacking tool and online Clickjacking sample webpage's. Although clickjacking has been the subject of many discussions and reports, it is currently unclear to what extent clickjacking is being used by attackers in the wild, and how significant the attack is for the security of Internet users. Security experts describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.

References
  1. Paul Stone, 2010. Next Generation Clickjacking, White Paper . Context Information Security Ltd.
  2. Marco Balduzzi, Manuel Egele, Engin Kirda, Davide Balzarotti, Christoper Kruegel, 2010. A Solution for the Automated Detection of Clickjacking Attacks. ASIACCS.
  3. Gustav Rydstedt, Elie Bursztein, Dan Boneh, Collin Jackson, 2010. Busting Frame Busting: A Study of Clickjacking Vulnerabilities on Popular Sites. Web 2. 0 Security and Privacy.
  4. Clickjacking for Shells, 2011. OWASP Wellington, New Zealand Chapter Meeting.
  5. Robert Hansen, Jeremiah Grossman, 2008. Clickjacking. Sec Theory, Internet Security.
  6. Agam Shah, Joab Jackson, 2011. Doj Charges Seven in Massive Clickjacking Scheme. Network World IDG News Service.
  7. Lucian Constantin, 2011. Clickjacking Attacks Possible Despite Frame Busting Protection. Infoworld News Service.
  8. Gustav Rydstedt, Baptiste Gourdin, Elie Bursztein, Dan Boneh, 2011. Framing Attacks on Smart Phones and Dumb Routers Tap-jacking and Geo-localization Attacks. Security Lab Stanford.
  9. Face Book Clickjacking Demo. [Available: http://coding. pressbin. com/files/86-clickjacking_demo. html]
  10. Online Clickjacking Sample Page. [Available: http://myweb. wit. edu/duffj2/Homework/clickjack. html]
  11. Egele, Kirda, Balzarotti, Kruegel, 2010. New Insights into Clickjacking. OWASP Foundation AppSec Research.
  12. Bikash Dash, 2011. Introduction and Prevention to Clickjacking Attack. Eg Hacking.
  13. Clickjacking. [Available: http://www. wisegeek. com/what-is-clickjacking. htm]
  14. Clickjacking Tool, Context Information Security Ltd. [Available: http://www. contextis. com/research/tools/clickjacking-tool/]
  15. Clickjacking, 2012. The Open Web Application Security Project. [Available: https://www. owasp. org/index. php/Clickjacking]
  16. Clickjacking-Black Hat 2010. Context Information Security Ltd. [Available: http://www. contextis. com/research/white-papers/clickjacking-black-hat-2010/]
Index Terms

Computer Science
Information Sciences

Keywords

Clickjacking ClickIDS Web Security Browser Plug-in