
NEA-SEA ITC 2009

Click Jacking
March 2009 ITC
Jay Hall

What is Click Jacking?

A method in which an attacker loads a legitimate page (or a button or link on it) inside a hidden frame on a page the attacker controls, using other web content to mask the page's real context, so the victim does not see which page the click actually reaches.

Using well-placed graphics, the attacker can persuade the victim to click exactly where the attacker wants on the hidden page, so the click lands on the real button with the victim's own session and privileges.

This is also known as User-Interface (UI) redress and iFrame overlay.

Click Jacking does not depend on Java, or on JavaScript running in the victim's browser; it only requires that the target page can be loaded inside a frame on the attacker's page.

Preventing Click Jacking

Website owners: add JavaScript frame-busting code to the website so that its pages refuse to render, or break out of the frame, when framed by a malicious third party.

Important action buttons on the web site should work only when JavaScript executes. Otherwise an attacker can use browser features that disable scripting inside the framed page, which also disables the frame-busting code, and the buttons remain clickable.

Sensitive actions should be confirmed over an out-of-band communication channel, such as email or SMS, so that a click alone is never enough to complete them.

Preventing Click Jacking

Users: make sure you log out of a website when you are done conducting business. Install the NoScript Firefox plugin. Disable browser plugins you do not need.

Questions


The End