Classification of Clickjacking Attacks and Detection Techniques
Department
Computer Science
Document Type
Article
Publication Date
10-22-2014
Abstract
Among many existing security threats, clickjacking attacks are the least understood and one of the common emerging security threats on the Web. A clickjacking attack lures users to click on objects transparently placed in malicious Web pages that may lead to unwanted operations on the legitimate Websites without the knowledge of the users. In particular, victims can be tricked to click on objects from various Websites such as social networks (Facebook, Twitter), shopping (Amazon), and online banking. Therefore, clickjacking attacks need to be addressed to mitigate these unwanted consequences. To combat the clickjacking attacks, it is necessary to understand how clickjacking attacks occur in the real world along with the comparative performance of the state-of-the-art solutions. In this article, we discuss various basic and advanced clickjacking attacks. We then discuss a number of client, server, and proxy-level approaches that can be employed to combat clickjacking attacks. We also highlight the advantages and disadvantages along with attack type coverage information. The findings should enable security practitioners to be aware of the most recent development in this area and choose the appropriate defense mechanism based on their needs.
Journal Title
Information Security Journal: A Global Perspective
Journal ISSN
1939-3547
Volume
23
Issue
4
First Page
137
Last Page
147
Digital Object Identifier (DOI)
10.1080/19393555.2014.931489