Analysing and Detection of Clickjacking Attack

Authors

  • K. Gokul  Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
  • P. J. Gowtham  Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
  • S. Jaffar Ahamed  Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
  • G. Abirami  Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India

Keywords:

Clickjacking, Internet Protocol address, Uniform Resource Locator, iFrame, Antivirus, Web Vulnerabilities

Abstract

A lot of effort has been put into researching client-side attacks, such as cross-site scripting and cross-site request forgery, and more recently clickjacking. Like other client-side attacks, clickjacking uses the web browser to exploit weaknesses in cross-domain isolation and the same-origin policy. It tricks users into clicking on something that is not what they perceive they are clicking on. In the most severe cases, this vulnerability can cause an unsuspecting user to have their account compromised with only a single click. Although some protections against clickjacking exist, web applications that implement these mitigations are few and far between. Additionally, although it is easy to detect that an attacker could frame a page, it is more difficult to demonstrate or assess the impact of a clickjacking vulnerability than that of more traditional client-side vectors.
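The abstract notes that anti-framing protections exist but are rarely deployed. The simplest way to assess a page's exposure is to check the response headers a browser uses to decide whether the page may be framed: the legacy X-Frame-Options header and the CSP frame-ancestors directive (which takes precedence when both are present). The following checker is an added example and not code from the paper; it classifies a response from its headers alone, so it can be run offline over captured headers. The function names, the status labels and the sample header sets at the bottom are all constructed for this illustration.

```python
"""Classify an HTTP response's anti-framing posture from its headers.

Added example for this page, not code from the paper.  The header
samples in SAMPLE_RESPONSES are constructed, not captured from any site.
"""
from typing import Dict, List, Tuple, Union

Headers = Dict[str, Union[str, List[str]]]

# Lower rank = more restrictive.  When several CSP policies are sent, a
# browser enforces all of them, so the most restrictive verdict governs.
_RANK = {"protected": 0, "allowlist": 1, "ambiguous": 2, "unprotected": 3}


def _values(headers: Headers, name: str) -> List[str]:
    """Return every value of a header, matching the name case-insensitively."""
    out: List[str] = []
    for key, value in headers.items():
        if key.lower() == name.lower():
            out.extend(value if isinstance(value, list) else [value])
    return out


def _frame_ancestors(csp_values: List[str]) -> List[List[str]]:
    """Extract the source list of each frame-ancestors directive found."""
    found: List[List[str]] = []
    for csp in csp_values:
        for directive in csp.split(";"):
            tokens = directive.strip().split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                found.append(tokens[1:])
    return found


def _assess_frame_ancestors(sources: List[str]) -> Tuple[str, str]:
    srcs = [s.lower() for s in sources]
    if not srcs:
        return "ambiguous", "frame-ancestors has an empty source list"
    if srcs == ["'none'"]:
        return "protected", "CSP frame-ancestors 'none' blocks all framing"
    if srcs == ["'self'"]:
        return "protected", "CSP frame-ancestors 'self' allows same-origin framing only"
    if any(s in ("*", "http:", "https:") for s in srcs):
        return "unprotected", "CSP frame-ancestors permits framing by any origin"
    return "allowlist", "CSP frame-ancestors restricts framing to: " + " ".join(sources)


def _assess_xfo(values: List[str]) -> Tuple[str, str]:
    if not values:
        return "unprotected", "neither X-Frame-Options nor CSP frame-ancestors is set"
    distinct = {v.strip().upper() for v in values}
    if len(distinct) > 1:
        # Browsers do not agree on conflicting values; treat as needing review.
        return "ambiguous", "conflicting X-Frame-Options values: " + ", ".join(sorted(distinct))
    value = distinct.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", f"X-Frame-Options {value}"
    if value.startswith("ALLOW-FROM"):
        return "unprotected", "X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers"
    return "unprotected", f"invalid X-Frame-Options value {value!r} is ignored by browsers"


def assess_framing_protection(headers: Headers) -> Dict[str, str]:
    """Return {'status': ..., 'reason': ...} for one response's headers.

    status is one of 'protected', 'allowlist', 'ambiguous', 'unprotected'.
    A present frame-ancestors directive makes X-Frame-Options irrelevant.
    """
    verdicts = [_assess_frame_ancestors(src)
                for src in _frame_ancestors(_values(headers, "Content-Security-Policy"))]
    if verdicts:
        status, reason = min(verdicts, key=lambda v: _RANK[v[0]])
    else:
        status, reason = _assess_xfo(_values(headers, "X-Frame-Options"))
    return {"status": status, "reason": reason}


# Constructed header sets illustrating each case (hypothetical hostnames).
SAMPLE_RESPONSES: Dict[str, Headers] = {
    "legacy_deny": {"X-Frame-Options": "DENY"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors *"},
    "allow_from": {"x-frame-options": "ALLOW-FROM https://trusted.example"},
    "partner_only": {"Content-Security-Policy": ["frame-ancestors https://partner.example"]},
    "no_headers": {"Content-Type": "text/html"},
}


def scan(samples: Dict[str, Headers] = SAMPLE_RESPONSES) -> Dict[str, str]:
    """Map each sample name to its framing-protection status."""
    return {name: assess_framing_protection(h)["status"] for name, h in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        verdict = assess_framing_protection(hdrs)
        print(f"{name:18} {verdict['status']:12} {verdict['reason']}")
```

The csp_overrides_xfo sample is the case worth remembering: a DENY header gives no protection once a permissive frame-ancestors directive is also sent, because browsers ignore X-Frame-Options whenever frame-ancestors is present. A header check like this confirms only that framing is blocked; it says nothing about what a successful click inside a frame could do, which is the impact question the abstract describes as harder to assess.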

Published

2016-04-30

Section

Research Articles

How to Cite

[1]
K. Gokul, P. J. Gowtham, S. Jaffar Ahamed, G. Abirami, "Analysing and Detection of Clickjacking Attack", International Journal of Scientific Research in Science and Technology (IJSRST), Online ISSN: 2395-602X, Print ISSN: 2395-6011, Volume 2, Issue 2, pp. 77-80, March-April 2016.