Clickjacking Attack

Tags:

Post on 22-Jan-2015

271 Views

Category:

Technology

2 Downloads

Preview:

Click to see full reader

DESCRIPTION

Seminar

Transcript

CLICKJACKINGSecurity Nightmare

Jeremiah Grossman (Whitehat Security)

Robert Hansen(SecTheory)

2008

also known as a "UI redress attack"

…is a malicious technique of tricking a web user…

…into clicking on something different… from what the user perceives they are clicking on

12 cases

+ Browser+ Plug-in+ Website

NOT ALL

<iframe>opacity & z-index

My page (malicious page)w3schools.com

<iframe src=http://www.w3schools.com></iframe>

opacity: 1;z-index: 0;

opacity: 0.5;z-index: 1;

Server side

• X-Frame-Options

• Framebuster

Client side

• No-Script

Header append X-Frame-Options “DENY”

Framebuster

No-Scripts add-on

top related

Next Generation Clickjacking
Documents
Computer Security: Clickjacking - University of...
Documents
Clickjacking und UI-Redressing...Einleitung Angri e...
Documents
Clickjacking DevCon2011
Technology
Kentico 9 · Clickjacking Clickjacking is a type of attack....
Documents
Strumenti di protezione da attacchi di tipo...
Documents
UI Redressing and Clickjacking: About click fraud and data.....
Documents
System Architecture and Security Model for...
Documents
New Insights into Clickjacking
Technology
PowerPoint Presentation€¦ · How to protect your web...
Documents
More attacks on Clients: Clickjacking/UI redressing,...
Documents
Next Generation Clickjacking - Black Hat...
Documents
Vulnerability Assessment Report - Avenging Security ·...
Documents
Server-side approaches to clickjacking...
Documents
Busting Frame Busting: a Study of Clickjacking ... · a...
Documents
New Computer Security Threat - ClickJacking
Documents