HDTCV: Hybrid Detection Technique for Clickjacking Vulnerability

The evolution of web technologies also brings new exploits against web applications. Attackers find new flaws in web applications and use them to perform a wide variety of malicious tasks. These tasks compromise users' sensitive information and reduce the organization's market value. Thus, studying the various types of vulnerabilities and the weaknesses in web application structure is a challenging task. This paper focuses on the clickjacking attack and provides an efficient detection technique to overcome it. The proposed technique has features and standards to measure the attack and how much the vulnerability is exposed with respect to the context of the application in a dynamic environment. Thus, the proposed system handles clickjacking efficiently, and the vulnerability to the attack can be measured by the deviation of the system state from the expected state.
