Techniques to Detect Clickjacking Vulnerability in Web Pages

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 472)

Abstract

A clickjacking attack lures clients into unsuspectingly clicking on items, setting in motion unpleasant web pages that may then perform undesirable operations on genuine web pages without notifying the clients. Specifically, victims can be misled into clicking on items from different websites, for example online social networking sites (Facebook, Twitter), shopping websites (Amazon), etc. This paper discusses in particular efficient defence techniques, which make up the tedious process of preventing clickjacking attacks. The study of different types of malicious activities, vulnerabilities and their weaknesses in web program frameworks is a challenging task. We study different approaches and defence techniques with the purpose of providing a valuable reference on clickjacking attacks in order to enable a safe and secure web environment. In addition, this paper provides a review of the injection of different types of clickjacking attacks in a webpage-constrained environment. To fight against clickjacking attacks, it is important to see how these attacks happen in practice today, along with a comparative study of the state-of-the-art solutions.

Keywords

Clickjacking attacks, Likejacking attacks, Cursorjacking attacks, Clickjacking defenses

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. Department of Computer Science and Engineering, Government Women Engineering College, Ajmer, India