New Insights into Clickjacking
by Marco Balduzzi, IT Security Researcher on Jun 29, 2010
- 7,111 views
- Owasp AppSec Research 2010 - ...
- Owasp AppSec Research 2010 -
Over the past year, clickjacking received extensive media coverage. News portals and security forums have been overloaded by posts claiming clickjacking to be the upcoming security threat.
In a clickjacking attack, a malicious page is constructed (or a benign page is hijacked) to trick the user into performing unintended clicks that are advantageous for the attacker, such as propagating a web worm, stealing confidential information or abusing of the user session.
This presentation introduces a novel solution we designed and implemented for an automated detection of clickjacking attacks on web-pages. The presentation details the architecture of our detection and testing system and it presents the results we obtained from the analysis of over a million "possibly malicious" Internet pages.
- Total Views
- Views on SlideShare
- Embed Views