Logo image
Classification of Clickjacking Attacks and Detection Techniques
Journal article   Peer reviewed

Classification of Clickjacking Attacks and Detection Techniques

Hossain Shahriar and Vamshee Krishna Devendran
Information security journal, Vol.23(4-6), pp.137-147
2014
Web of Science ID: WOS:000214829400003

Abstract

Among many existing security threats, clickjacking attacks are the least understood and one of the common emerging security threats on the Web. A clickjacking attack lures users to click on objects transparently placed in malicious Web pages that may lead to unwanted operations on the legitimate Websites without the knowledge of the users. In particular, victims can be tricked to click on objects from various Websites such as social networks (Facebook, Twitter), shopping (Amazon), and online banking. Therefore, clickjacking attacks need to be addressed to mitigate these unwanted consequences. To combat the clickjacking attacks, it is necessary to understand how clickjacking attacks occur in the real world along with the comparative performance of the state-of-the art solutions. In this article, we discuss various basic and advanced clickjacking attacks. We then discuss a number of client, server, and proxy-level approaches that can be employed to combat clickjacking attacks. We also highlight the advantages and disadvantages along with attack type coverage information. The findings should enable security practitioners to be aware of the most recent development in this area and choose the appropriate defense mechanism based on their needs.

Details

Logo image