
Analysing and Detection of Clickjacking Attack

Authors (4): K. Gokul, P. J. Gowtham, S. Jaffar Ahamed, G. Abirami

A lot of effort has been put into researching client-side attacks such as cross-site scripting and request forgery and, more recently, clickjacking. Like other client-side attacks, clickjacking uses the web browser to exploit weaknesses in cross-domain isolation and the same-origin policy. It tricks users into clicking on something that is not what they perceive they are clicking on. In the most severe cases, this attack can cause an unsuspecting user to have their account compromised with only a single click. Although there are some protections available against clickjacking, web applications implementing these mitigations are few and far between. Additionally, although the possibility for an attacker to frame a page is easy to detect, it is more difficult to demonstrate or assess the impact of a clickjacking vulnerability than that of more traditional client-side vectors.
Keywords: Clickjacking, Internet Protocol address, Uniform Resource Locator, iFrame, Antivirus, Web Vulnerabilities
Publication Details
  Published in : Volume 2 | Issue 2 | March-April 2016
  Date of Publication : 2016-04-30
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 77-80
Manuscript Number : IJSRST162238
Publisher : Technoscience Academy
PRINT ISSN : 2395-6011
ONLINE ISSN : 2395-602X
Cite This Article :
K. Gokul, P. J. Gowtham, S. Jaffar Ahamed, G. Abirami, "Analysing and Detection of Clickjacking Attack", International Journal of Scientific Research in Science and Technology(IJSRST), Print ISSN : 2395-6011, Online ISSN : 2395-602X, Volume 2, Issue 2, pp.77-80, March-April-2016
URL : http://ijsrst.com/IJSRST162238