Affiliation:
1. Kennesaw State University, USA
Abstract
Clickjacking attacks are an emerging threat on the Web. The attacks lure users into clicking on objects transparently placed in malicious Web pages. The resulting click actions may cause unwanted operations on legitimate websites without the users' knowledge. Recent reports suggest that victims can be tricked into clicking on a wide range of websites, such as social networks (Facebook, Twitter), shopping (Amazon), and online banking. One reported clickjacking incident enabled the webcam and microphone of a victim without his/her knowledge. To combat clickjacking attacks, application developers need to understand how the attacks occur, along with the existing solutions available to defend against them. This chapter shows a number of basic and advanced clickjacking attacks. The authors then show a number of detection techniques available at the client, server, and proxy levels.