Chapter 5


In 2008, security experts Robert Hansen and Jeremiah Grossman discovered an attack called clickjacking (click hijacking). The attack affected almost all desktop platforms, including IE, Safari, Firefox, Opera, and Adobe Flash. The two discoverers planned to demonstrate it at the OWASP security conference, but all the affected vendors (including Adobe) asked that the attack not be disclosed until a countermeasure had been found.

5.1 What Is Clickjacking?

Clickjacking is a malicious technique that visually deceives users into clicking on something different from what they perceive. An attacker places a transparent, invisible iframe over an authentic web page and then lures the user into operating on that page. The users are led ...
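Whether a page can be loaded inside a third-party iframe at all is decided by the response headers the page sends, so a defender's first check is to read those headers the way a browser does. The following is an added example, not code from the book or from the researchers named above: it evaluates the Content-Security-Policy frame-ancestors directive (which takes precedence) and the X-Frame-Options header for a given page URL and a given would-be framing origin, and reports which of a set of constructed sample responses could be framed. The sample headers, URLs and the audit function are constructed for illustration; the matching rules follow the CSP host-source grammar but ignore path components and assume a single policy header per response.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url):
    """Reduce a URL to its (scheme, host, port) origin tuple."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    return (scheme, (u.hostname or "").lower(), u.port or DEFAULT_PORTS.get(scheme))


def _parse_csp(value):
    """Split a CSP header into {directive: [sources]}; duplicates are ignored as in browsers."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _host_source_matches(source, framer):
    """Match one CSP host-source or scheme-source against a framer origin (paths ignored)."""
    scheme, host, port = framer
    src = source.lower()
    src_scheme = None
    if "://" in src:
        src_scheme, src = src.split("://", 1)
    elif src.endswith(":") and "/" not in src:      # scheme-only source such as "https:"
        return scheme == src[:-1]
    src = src.split("/", 1)[0]                       # drop any path component
    src_host, _, src_port = src.partition(":")
    # A scheme in the source must match; an http source also admits https framers.
    if src_scheme and not (src_scheme == scheme or (src_scheme == "http" and scheme == "https")):
        return False
    if src_host.startswith("*."):
        if not host.endswith(src_host[1:]):          # "*.a.example" matches b.a.example, not a.example
            return False
    elif host != src_host:
        return False
    if src_port == "*":
        return True
    if src_port:
        return int(src_port) == port
    return port == DEFAULT_PORTS.get(scheme)         # no port given: framer must use its default port


def framing_allowed(headers, page_url, framer_url):
    """True if a browser would let framer_url embed page_url given these response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_url), _origin(framer_url)
    csp = h.get("content-security-policy")
    if csp:
        ancestors = _parse_csp(csp).get("frame-ancestors")
        if ancestors is not None:                    # frame-ancestors overrides X-Frame-Options
            for src in ancestors:
                s = src.lower()
                if s == "'none'":
                    continue                         # contributes no allowed origin
                if s == "*" or (s == "'self'" and framer == page):
                    return True
                if not s.startswith("'") and _host_source_matches(src, framer):
                    return True
            return False
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    return True   # header absent, obsolete ALLOW-FROM, or malformed: current browsers ignore it


# Constructed sample responses (hypothetical hosts) for the audit below.
SAMPLE_RESPONSES = {
    "no-headers": ({}, "https://app.example.com/account"),
    "deny": ({"X-Frame-Options": "DENY"}, "https://app.example.com/account"),
    "sameorigin": ({"X-Frame-Options": "SAMEORIGIN"}, "https://app.example.com/account"),
    "allow-from": ({"X-Frame-Options": "ALLOW-FROM https://partner.example"}, "https://app.example.com/account"),
    "csp-partner": ({"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example"},
                    "https://app.example.com/account"),
    "csp-none-wins": ({"Content-Security-Policy": "frame-ancestors 'none'", "X-Frame-Options": "ALLOWALL"},
                      "https://app.example.com/account"),
}


def framable_pages(responses, framer_url):
    """Names of sample responses that framer_url would be allowed to embed."""
    return sorted(name for name, (hdrs, url) in responses.items() if framing_allowed(hdrs, url, framer_url))


if __name__ == "__main__":
    for framer in ("https://portal.partner.example/", "https://app.example.com/other", "https://third-party.example/"):
        print(framer, "->", framable_pages(SAMPLE_RESPONSES, framer))
```

A page that appears in the output for an origin it does not expect to be embedded by has no effective framing protection and is a candidate for clickjacking; the remedy is to send frame-ancestors listing only the origins that legitimately embed it (or 'none'), keeping X-Frame-Options only as a fallback for older browsers.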
