Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform unintended actions that might be advantageous for the attacker. Many techniques have been proposed to defend against clickjacking, but it is still questionable whether they are effectively deployed in practice. We investigated how vulnerable Korean websites are to clickjacking attacks by performing real attacks on the top 500 most popular Korean websites as well as all of the financial websites. Our results are quite significant: almost all Korean websites (99.6%) that we looked at were vulnerable to clickjacking attacks. Extending our observation to the top 500 global websites, we found that 390 of them (78%) were also vulnerable to clickjacking attacks and identified which type of website is particularly insecure against clickjacking.
[1] Ivan Ristic, et al. Apache Security, 2005.
[2] Helen J. Wang, et al. Clickjacking: Attacks and Defenses, 2012, USENIX Security Symposium.
[3] Dan Boneh, et al. Busting frame busting a study of clickjacking vulnerabilities on popular sites, 2010.
[4] Hyoungshick Kim, et al. We Are Still Vulnerable to Clickjacking Attacks: About 99% of Korean Websites Are Dangerous, 2013, WISA.
[5] David A. Wagner, et al. An Empirical Study of Vulnerability Rewards Programs, 2013, USENIX Security Symposium.