Clickjacking

Description

Clickjacking, also known as a UI redress attack, is a technique in which an attacker layers transparent or opaque elements over a page so that a user who intends to click on what they can see (the top-level page) actually clicks a button or link on a different, hidden page.

It is a malicious technique for tricking web users into clicking on something different from what they believe they are clicking on, potentially revealing confidential information or surrendering control of their computer while visiting seemingly innocuous web pages.

It is a browser security issue that affects a wide variety of browsers and platforms.

See how to fix it!

Risk

Without their knowledge, the user can be made to perform actions such as placing orders, changing settings, or adding, deleting, or modifying data. The user can also be led to enter sensitive personal data into fields they believe are legitimate but which are actually controlled by the attacker.

How to prevent clickjacking

Prevent clickjacking in IIS7
Prevent clickjacking in ASP.NET
Prevent clickjacking in JAVA
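Whichever platform the guides above target, the server-side defence comes down to telling the browser not to render the page inside a frame. The following is an added example for this article, not code from the original page or from the linked guides: a small checker that reads a response's headers and reports whether the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive (assumed here to be the controls those guides configure) actually blocks framing. The header sets it evaluates are constructed.

```python
"""Check HTTP response headers for clickjacking (UI redress) protection.

Added example, not from the original article. Evaluates the two standard
framing controls: X-Frame-Options and CSP frame-ancestors. The sample
header sets at the bottom are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class FramingVerdict:
    protected: bool
    reason: str


def assess_framing_protection(headers: dict) -> FramingVerdict:
    """Return whether the given response headers stop the page being framed.

    Header names are matched case-insensitively. Browsers that support CSP
    frame-ancestors ignore X-Frame-Options when both are present, so the
    CSP directive is checked first.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors" and len(parts) > 1:
            sources = [s.strip("'").lower() for s in parts[1:]]
            # '*' or a bare scheme such as https: lets any origin frame the
            # page; 'none', 'self' or an explicit origin list restricts it.
            if "*" in sources or any(s in ("http:", "https:") for s in sources):
                return FramingVerdict(False, "frame-ancestors allows any origin")
            return FramingVerdict(True, "frame-ancestors " + " ".join(sources))
        # An empty frame-ancestors list is treated conservatively: fall
        # through to X-Frame-Options rather than assume it blocks framing.

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return FramingVerdict(True, "X-Frame-Options " + xfo)
    if xfo.startswith("ALLOW-FROM"):
        # ALLOW-FROM is obsolete and ignored by current browsers, so on its
        # own it gives no reliable protection.
        return FramingVerdict(False, "X-Frame-Options ALLOW-FROM is not honoured")
    return FramingVerdict(False, "no framing restriction header present")


if __name__ == "__main__":
    # Constructed sample responses for a quick demonstration.
    for sample in ({"X-Frame-Options": "DENY"}, {"Server": "IIS/7.0"}):
        print(sample, "->", assess_framing_protection(sample))
```

A response with no verdict of `protected=True` is a page that can still be embedded by a third-party site, which is the precondition for the attack described above.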

