Hijacking of Clicks: Attacks and Mitigation Techniques
Clickjacking attacks are an emerging threat on the Web. The attacks lure users into clicking on objects transparently placed in malicious Web pages. The resulting click actions may cause unwanted operations on legitimate websites without the users' knowledge. Recent reports suggest that victims can be tricked into clicking on a wide range of websites, such as social networks (Facebook, Twitter), shopping (Amazon), and online banking. One reported clickjacking incident enabled the webcam and microphone of a victim without his/her knowledge. To combat clickjacking attacks, application developers need to understand how the attacks occur, along with the existing solutions available to defend against them. This chapter shows a number of basic and advanced clickjacking attacks. The authors then show a number of detection techniques available at the client, server, and proxy levels.