Vulnerability Analysis of Iframe Attacks on Websites

Clickjacking attacks are an emerging threat to websites of all sizes and types. Threat agents use them in particular to gain likes and/or followers in Online Social Networks (OSNs). This paper reviews clickjacking attacks and the classic solutions for tackling their various forms. Different approaches to Cross-Site Scripting attacks are implemented in this study to examine the attack tools and methods. Various iframe attacks have been developed to tamper with the integrity of website interactions at the application layer. By visually demonstrating attacks such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), the study gives users a better understanding of how such attacks are formulated and the risks associated with them.
