Clickjacking
Description
Clickjacking, also known as a UI redress attack, is a technique in which an attacker stacks transparent or opaque layers (typically the target site loaded in an invisible iframe over a decoy page) to trick a user into clicking a button or link on a page other than the one they can see, the top-level page.
The user believes they are clicking something harmless on a seemingly innocuous page, but the click is delivered to a hidden element of the framed site, which can reveal confidential information or trigger actions in the user's authenticated session on that site.
It is a browser-side issue: any browser that lets a page be framed by another origin is affected, regardless of platform, so the defence has to come from the site being framed, by telling browsers not to render it inside a frame.
Risk
The user can be made to perform actions such as placing orders, changing settings, or adding, deleting or modifying data without their knowledge. The user can also be led to type sensitive personal data into fields they believe to be legitimate but which are in fact controlled by the attacker.
How to prevent clickjacking
The defence is the same on every platform: the server sends the X-Frame-Options response header (DENY, or SAMEORIGIN if the site frames its own pages) or the Content-Security-Policy frame-ancestors directive, so that browsers refuse to render the page inside a frame on another origin. What differs is only where the header is configured.
Prevent clickjacking in IIS7
Prevent clickjacking in ASP.NET
Prevent clickjacking in JAVA
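The following is an added example and not code from the original post or from any of the platforms named above: it shows the same two anti-framing headers being built for a Node.js server (chosen as a runnable stand-in for the IIS7, ASP.NET and Java configurations), and an audit routine that inspects a captured HTTP response the way a tester would when checking a site for clickjacking exposure, including the cases that look protected but are not (the obsolete ALLOW-FROM value, and a CSP frame-ancestors directive that overrides a stricter X-Frame-Options). The hostnames, port and sample responses are constructed for the example.

```javascript
// Added example, not code from the original post or from IIS7/ASP.NET/Java:
// (1) build the anti-framing response headers a server should send and
// (2) audit a captured HTTP response for clickjacking exposure.
// Hostnames, port and sample responses below are constructed.

// Build the headers that stop other origins from framing a page.
// X-Frame-Options is the legacy control (only DENY and SAMEORIGIN are
// honoured; ALLOW-FROM is obsolete). CSP frame-ancestors is the modern
// control and takes precedence when both headers are present.
function antiFramingHeaders(mode = "deny", allowedAncestors = []) {
  switch (mode) {
    case "deny":
      return { "X-Frame-Options": "DENY",
               "Content-Security-Policy": "frame-ancestors 'none'" };
    case "sameorigin":
      return { "X-Frame-Options": "SAMEORIGIN",
               "Content-Security-Policy": "frame-ancestors 'self'" };
    case "allowlist":
      // Only CSP can express an allow list. SAMEORIGIN is kept as a
      // fail-closed fallback for browsers that do not understand CSP.
      return { "X-Frame-Options": "SAMEORIGIN",
               "Content-Security-Policy":
                 "frame-ancestors 'self' " + allowedAncestors.join(" ") };
    default:
      throw new Error("unknown anti-framing mode: " + mode);
  }
}

// Parse the head of a raw HTTP/1.x response into a lower-cased header map.
// Repeated headers are joined with ", " as browsers do.
function parseHeaders(rawResponse) {
  const head = rawResponse.split(/\r?\n\r?\n/)[0];
  const headers = {};
  for (const line of head.split(/\r?\n/).slice(1)) { // skip the status line
    const idx = line.indexOf(":");
    if (idx < 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers[name] = name in headers ? headers[name] + ", " + value : value;
  }
  return headers;
}

// Decide whether a response can be framed by an arbitrary third-party
// origin. Returns { framable, reason }. CSP is evaluated first because
// browsers ignore X-Frame-Options once frame-ancestors is present.
function auditFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";").map((d) => d.trim())
    .find((d) => /^frame-ancestors(\s|$)/i.test(d));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1).map((s) => s.toLowerCase());
    if (sources.length === 0 || sources.includes("'none'")) {
      return { framable: false, reason: "CSP frame-ancestors 'none'" };
    }
    // "*" or a bare scheme such as "https:" lets any origin frame the page.
    if (sources.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
      return { framable: true, reason: "CSP frame-ancestors allows any origin" };
    }
    return { framable: false,
             reason: "CSP frame-ancestors limited to " + sources.join(" ") };
  }

  const xfo = h["x-frame-options"];
  if (xfo === undefined) {
    return { framable: true, reason: "no X-Frame-Options or frame-ancestors header" };
  }
  const value = xfo.trim().toUpperCase();
  if (value === "DENY" || value === "SAMEORIGIN") {
    return { framable: false, reason: "X-Frame-Options " + value };
  }
  // ALLOW-FROM, ALLOWALL, typos and conflicting duplicates are not reliably
  // honoured; report them as exposure to be confirmed in a real browser.
  return { framable: true, reason: "X-Frame-Options value not honoured: " + xfo };
}

// Minimal server that applies the chosen policy to every page it serves.
// Start it with createServer("deny").listen(8080) (the port is an assumption).
function createServer(mode = "deny", allowedAncestors = []) {
  const http = require("http");
  const extra = antiFramingHeaders(mode, allowedAncestors);
  return http.createServer((req, res) => {
    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", ...extra });
    res.end("<h1>Protected page</h1>");
  });
}

// Constructed sample captures for stand-alone use (not real traffic).
const SAMPLES = {
  unprotected: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<h1>hi</h1>",
  protected: "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n" +
             "Content-Security-Policy: frame-ancestors 'none'\r\n\r\n",
  allowFrom: "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\n\r\n",
  wildcard: "HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n" +
            "Content-Security-Policy: default-src 'self'; frame-ancestors *\r\n\r\n",
};

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, raw] of Object.entries(SAMPLES)) {
    console.log(name.padEnd(12), auditFraming(parseHeaders(raw)));
  }
  console.log("allowlist headers:",
              antiFramingHeaders("allowlist", ["https://partner.example"]));
}
```

The `wildcard` sample is the case worth remembering from the audit: its X-Frame-Options: SAMEORIGIN looks safe, but the `frame-ancestors *` directive in the same response is what current browsers honour, so the page is framable. The reverse also holds, which is why the `allowlist` mode still emits SAMEORIGIN as the legacy fallback: a browser that understands CSP uses the allow list, and one that does not falls back to same-origin framing only.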