Clickjacking Attack
CLICKJACKING Security Nightmare
Uploaded by: tung-ha-son. Category: Technology. Description: Seminar.
Transcript of Clickjacking Attack
Page 1:
CLICKJACKING Security Nightmare
Page 2:
Jeremiah Grossman (WhiteHat Security)
Robert Hansen (SecTheory)
2008
Page 3:
Also known as a "UI redress attack"
…is a malicious technique of tricking a web user…
…into clicking on something different… from what the user perceives they are clicking on
Page 4:
12 cases
+ Browser
+ Plug-in
+ Website
NOT ALL
Page 7:
<iframe>
opacity & z-index
Page 8:
My page (malicious page)
w3schools.com
<iframe src="http://www.w3schools.com"></iframe>
Page 9:
opacity: 1; z-index: 0;
Page 10:
opacity: 0.5; z-index: 1;
Page 12:
Server side
• X-Frame-Options
• Framebuster
Client side
• NoScript
Page 13:
Header append X-Frame-Options "DENY"
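An added example, not from the slides: a check that the X-Frame-Options value a response actually carries is one current browsers enforce. Because Apache's `Header append` adds to any value the application already set, the combined form is covered too; the function names and sample headers are constructed for illustration.

```javascript
// Added example, not from the slides. Classifies X-Frame-Options as current
// browsers interpret it (HTML Standard processing, summarized in comments).
const ENFORCED = new Set(['deny', 'sameorigin']);

// headers: plain object; a value may be a string or an array (repeated lines).
function xfoValues(headers) {
  const out = [];
  for (const [name, value] of Object.entries(headers)) {
    if (name.toLowerCase() !== 'x-frame-options') continue;
    for (const line of [].concat(value)) {
      for (const token of String(line).split(',')) {
        const t = token.trim().toLowerCase();
        if (t) out.push(t);
      }
    }
  }
  return [...new Set(out)]; // browsers compare the set of distinct values
}

function framingVerdict(headers) {
  const values = xfoValues(headers);
  if (values.length === 0) {
    return { framing: 'allowed', reason: 'no X-Frame-Options header' };
  }
  if (values.length > 1) {
    // Conflicting values, e.g. the app sends SAMEORIGIN and the server
    // appends DENY: framing is blocked outright if any value is recognized.
    return values.some((v) => ENFORCED.has(v) || v === 'allowall')
      ? { framing: 'blocked', reason: 'conflicting values: ' + values.join(', ') }
      : { framing: 'allowed', reason: 'only unrecognized values' };
  }
  const [v] = values;
  if (v === 'deny') return { framing: 'blocked', reason: 'DENY' };
  if (v === 'sameorigin') return { framing: 'same-origin only', reason: 'SAMEORIGIN' };
  // ALLOW-FROM and typos are ignored by current browsers, leaving no protection.
  return { framing: 'allowed', reason: 'unrecognized value: ' + v };
}

// Constructed sample responses.
const samples = {
  none: { 'Content-Type': 'text/html' },
  deny: { 'X-Frame-Options': 'DENY' },
  appended: { 'x-frame-options': 'SAMEORIGIN, DENY' },
  obsolete: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
};
for (const [name, h] of Object.entries(samples)) {
  console.log(name, framingVerdict(h));
}
```

Older browsers handled repeated or combined values inconsistently, so a single DENY or SAMEORIGIN value is the result to aim for.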
Page 14:
Framebuster
Page 15:
NoScript add-on