Sunday, June 27, 2010

Study of Clickjacking Vulnerabilities on Popular Sites

Web framing attacks such as clickjacking use iframes to hijack a user's web session.The most common defense,called frame busting,prevents a site from functioning when loaded inside a frame.We study frame busting practices for the Alexa Top-500 sites and show that all can be cir-cumvented in one way or another.Some circum-ventions are browser-speci c while others work across browsers.We conclude with recommen-dations for proper frame busting.

Download PDF

No comments: