Analysing and Detection of Clickjacking Attack

Authors (4): K. Gokul, P. J. Gowtham, S. Jaffar Ahamed, G. Abirami

A lot of effort has been put into researching client-side attacks such as cross-site scripting and request forgery and, more recently, clickjacking. Like other client-side attacks, clickjacking uses the web browser to exploit weaknesses in cross-domain isolation and the same-origin policy. It tricks users into clicking on something that is not what they perceive they are clicking on. In the most severe cases, this attack can cause an unsuspecting user to have their account compromised with only a single click. Although some protections against clickjacking are available, web applications implementing these mitigations are few and far between. Additionally, although the possibility for an attacker to frame a page is easy to detect, it is more difficult to demonstrate or assess the impact of a clickjacking vulnerability than that of more traditional client-side vectors.

Authors and Affiliations

K. Gokul
Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
P. J. Gowtham
Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
S. Jaffar Ahamed
Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India
G. Abirami
Department of Information Technology, Dhanalakshmi College of Engineering, Chennai, Tamil Nadu, India

Keywords: Clickjacking, Internet Protocol address, Uniform Resource Locator, iFrame, Antivirus, Web Vulnerabilities


Publication Details

Published in : Volume 2 | Issue 2 | March-April 2016
Date of Publication : 2016-04-30
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 77-80
Manuscript Number : IJSRST162238
Publisher : Technoscience Academy

Print ISSN : 2395-6011, Online ISSN : 2395-602X

Cite This Article :

K. Gokul, P. J. Gowtham, S. Jaffar Ahamed, G. Abirami, "Analysing and Detection of Clickjacking Attack", International Journal of Scientific Research in Science and Technology (IJSRST), Print ISSN : 2395-6011, Online ISSN : 2395-602X, Volume 2, Issue 2, pp.77-80, March-April-2016. Available at doi : 10.32628/IJSRST162238
Journal URL : http://ijsrst.com/IJSRST162238
