Essay --

ASTRACT:---The phenomenon of Clickjacking, one of the modern web based attacks which attracted the attention of web attackers as well as security researchers. Using this method, an attacker can spy a genuine user’s click and use it for malicious purposes. The Clickjacking attack allows to perform an action on victim site on visitor’s behalf. It takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. In this context, we shall analyse the internals of a clickjacking attack and methods to defend against it while using web applications . I.INTRODUCTION Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. They get installed through various channels in the user’s operating system and listen to key board events of the users, thereby stealing sensitive information. For clickjacking the attackers use hidden frames called â€Å"Ifames†. This has become a new threat and it has more devastating effects than key logging. II. IFREMES AND CONTENT ISOLATION HTML allows nesting of web pages via the â€Å"Iframe† tag. Typically, Iframes are used by developers to embed third party content into a website. Let us consider a webpage (parent) belonging to the origin â€Å"http://A.com† embedding a page (child) belonging to another origin â€Å"http://B.com†. Since the origin of both the pages are different, Jav... ... on social networking sites like Facebook. These spams are found to be used for stealing sensitive information of the users. Hence from this we have learnt how attackers establish the clickjacking attacks. We have also seen the two significant techniques used by developers to migrate against clickjacking. We hope to have more advances in web security, which helps in securing web applications. REFERENCES [1]Clickjacking http://www.google.com/url?sa=D&q=http://en.wikipedia.org/wiki/Clickjacking&us =AFQjCNEnGh31gxFW2qfk31UbeF8vQxihIg [2]Hansen,Robert and Grossman,Jeremiah, â€Å"Clickjacking†;http://wwww.sectheory.com/clickjacking.htm [3]http://www.owasp.org/index.php/Clickjacking [4] http://www.google.com/Javascript.info †º Tutorial †º Frames and windows [5]https://www.google.co.in/search?q=images+clickjacking&safe