
Clickjacking Attack: Hijacking User’s Click


Affiliations
1 Department of Computer Science & IT, University of Jammu, J & K, India
 

Cyber attacks have become very prevalent in the past few years. During this time, attackers have discovered new vulnerabilities through which to carry out malicious activities on the internet, and both clients and servers have been victimized. Clickjacking is one of the attacks attackers have adopted to deceive unsuspecting internet users into initiating some action. It exploits one of the vulnerabilities existing in web applications, using a technique that allows cross-domain attacks in which user-initiated clicks perform unintended actions. This paper traces the vulnerabilities that make a website vulnerable to clickjacking and proposes a solution for them.

Keywords

Clickjacking, Cursorjacking, Frame Busting, Iframe, X-Frame-Options.



Authors

Kokila Jamwal
Department of Computer Science & IT, University of Jammu, J & K, India
Lalit Sen Sharma
Department of Computer Science & IT, University of Jammu, J & K, India
