What is Clickjacking ❓ Definition and Prevention techniques

What precisely is clickjacking, and how does it work?

Types of clickjacking

  • Complete transparent overlay
  • Hidden overlay
  • Cropping
  • Click event dropping
  • Rapid content replacement
  • Scrolling
  • Drag-and-drop
  • Repositioning

A simple example of clickjacking

<!DOCTYPE html>
<html>
<head>
  <style>
    /* The framed target is stacked above the decoy (z-index 2) but made
       effectively invisible (opacity ~0), so the user sees the decoy and
       clicks land in the target page. */
    #target_website {
      position: relative;
      width: 128px;
      height: 128px;
      opacity: 0.00001;
      z-index: 2;
    }
    /* The decoy is what the victim actually sees. */
    #decoy_website {
      position: absolute;
      width: 300px;
      height: 400px;
      z-index: 1;
    }
  </style>
</head>
<body>
  <div id="decoy_website">
    ...bait web content here...
  </div>
  <!-- placeholder URL: the site that can be framed -->
  <iframe id="target_website" src="https://vulnerable-website.example"></iframe>
</body>
</html>

How can I prevent clickjacking?

  • Prevent framing
  • X-Frame-Options
  • Add a framekiller to the site
  • Content Security Policy (CSP)
  • Install browser extensions
  • Frame busting scripts

A basic frame buster, placed in the page that must not be framed; if the page is not the top-level window it navigates the top window to itself:

<script>
  if (top != window) {
    top.location = window.location;
  }
</script>

The two snippets below belong to a framing page rather than to the protected page; they are the reason frame-busting scripts alone are not a reliable defence, and why the header-based controls above (X-Frame-Options, CSP frame-ancestors) are preferred:

<!-- onbeforeunload handler in the framing page interferes with the
     top-level navigation the frame buster attempts -->
<script>
  window.onbeforeunload = function() { return false; };
</script>

<!-- iframe sandbox without allow-top-navigation: the framed page's script
     cannot redirect the top window, so the frame buster has no effect -->
<iframe id="decoy_webpage" src="https://vulnerable-website.example"
        sandbox="allow-scripts allow-forms allow-same-origin"></iframe>
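Because frame busters can be neutralised by the framing page, the dependable protections are the response headers listed above. The following added example (not code from the original article) evaluates a set of HTTP response headers the way a defender's scanner would and reports whether the page can be framed by an arbitrary origin. It encodes browser behaviour rather than article text: a CSP frame-ancestors directive overrides X-Frame-Options; frame-ancestors protects unless it allows any origin; X-Frame-Options DENY and SAMEORIGIN protect while the obsolete ALLOW-FROM is ignored; a Report-Only policy does not block framing. The header sets in SAMPLE_RESPONSES are constructed for illustration.

```python
"""Evaluate anti-framing headers (X-Frame-Options, CSP frame-ancestors).

Added example for the article above, not the article's own code. Sample
header sets are constructed, and hostnames use reserved .example domains.
"""
from typing import Dict, List

# Source expressions that let any origin frame the page.
WEAK_SOURCES = {"*", "http:", "https:", "http://*", "https://*"}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}.

    Directive names are case-insensitive; per the CSP spec the first
    occurrence of a directive wins and later duplicates are ignored.
    """
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in directives:
            directives[name] = tokens[1:]
    return directives


def framing_verdict(headers: Dict[str, str]) -> Dict[str, object]:
    """Return {'protected': bool, 'mechanism': str|None, 'notes': [str]}."""
    lower = {k.lower(): v for k, v in headers.items()}
    verdict: Dict[str, object] = {"protected": False, "mechanism": None, "notes": []}
    notes: List[str] = verdict["notes"]  # type: ignore[assignment]

    # 1. Enforced CSP with frame-ancestors takes precedence over X-Frame-Options.
    csp = lower.get("content-security-policy")
    if csp is not None:
        ancestors = parse_csp(csp).get("frame-ancestors")
        if ancestors is not None:
            verdict["mechanism"] = "frame-ancestors"
            sources = [s.lower() for s in ancestors]
            if any(s in WEAK_SOURCES for s in sources):
                notes.append("frame-ancestors allows any origin")
            else:
                # An empty source list or 'none' blocks all framing;
                # 'self' / explicit origins restrict it to those origins.
                verdict["protected"] = True
            return verdict

    # 2. A Report-Only policy never blocks anything; flag it so it is not
    #    mistaken for protection.
    report_only = lower.get("content-security-policy-report-only", "")
    if "frame-ancestors" in parse_csp(report_only):
        notes.append("frame-ancestors only in Report-Only policy: not enforced")

    # 3. Fall back to X-Frame-Options.
    xfo = lower.get("x-frame-options")
    if xfo is not None:
        value = xfo.strip().upper()
        verdict["mechanism"] = "x-frame-options"
        if value in ("DENY", "SAMEORIGIN"):
            verdict["protected"] = True
        elif value.startswith("ALLOW-FROM"):
            notes.append("ALLOW-FROM is obsolete; modern browsers ignore it")
        else:
            notes.append(f"unrecognised X-Frame-Options value {value!r}; browsers ignore it")
        return verdict

    notes.append("no anti-framing header: page can be embedded by any origin")
    return verdict


# Constructed header sets (not captured from any real site).
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_deny": {"X-Frame-Options": "DENY"},
    "csp_self": {"Content-Security-Policy":
                 "default-src 'self'; frame-ancestors 'self' https://portal.example"},
    "csp_wildcard_overrides_xfo": {"content-security-policy": "frame-ancestors *",
                                   "X-Frame-Options": "SAMEORIGIN"},
    "xfo_obsolete": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "report_only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_RESPONSES.items():
        v = framing_verdict(hdrs)
        status = "OK " if v["protected"] else "FAIL"
        print(f"{status} {name:28} via {v['mechanism']}  {'; '.join(v['notes'])}")
```

Run the file directly to see one line per sample; in a real check the header dictionary would come from the response of the page you are auditing, and the response for every framable route (not just the landing page) should be tested, since protection is per response.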

Ivan Novikov, CEO at Wallarm. Application security platform to prevent threats and discover vulnerabilities in real time.