Open Access Article, DOI: 10.2197/ipsjjip.23.513

Detection of Visual Clickjacking Vulnerabilities in Incomplete Defenses

Yusuke Takamatsu, Kenji Kono. Journal of Information Processing, 2015-01-01.

Abstract

Clickjacking is a new attack which exploits a vulnerability in web applications. It tricks victims into clicking on something different from what they perceive they are clicking on. The victims may reveal confidential information or start unintended online transactions. Clickjacking attacks compromise visual integrity (called visual clickjacking) or condition integrity (called switchover clickjacking) to deceive victims. We address visual clickjacking in this paper. Visual clickjacking can be prevented if appropriate countermeasures such as frame busting are implemented in web applications. However, the correct implementation is not easy. A trivial mistake in the implementation leads to evasion of the countermeasures. For the correct implementation, web developers must have intimate knowledge on evasion techniques of the countermeasures. In this paper, we propose Clickjuggler, an automated tool for checking defenses against visual clickjacking during the development. Clickjuggler gener

Keywords

Computer science, Evasion (ethics), Computer security, Correctness, Web application, Exploit, Vulnerability (computing), World Wide Web
