Chapter 5

Clickjacking

In 2008, security experts Robert Hansen and Jeremiah Grossman discovered an attack called clickjacking (from "click" and "hijacking"). This attack affected almost all desktop platforms, including IE, Safari, Firefox, Opera, and Adobe Flash. The two discoverers planned to demonstrate it at the OWASP security conference, but all vendors (including Adobe) demanded that the attack not be released before a solution to counter it was found.

5.1 What Is Clickjacking?

Clickjacking is a malicious technique that visually deceives the user into clicking on something different from what they perceive. An attacker places a transparent, invisible iframe over an authentic web page and then lures the user into interacting with that page. The users are led ...
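The overlay described above only works if the browser agrees to render the target page inside a frame on another origin. As an added example (not from the book), the following JavaScript classifies a response's framing policy from its X-Frame-Options and CSP frame-ancestors headers, modelled on current browser behaviour; the function names and the sample headers are constructed for illustration.

```javascript
// Added example: can this response be framed by another origin?
// Verdicts, weakest to strongest protection.
const RANK = ["framable", "allowlist", "same-origin", "blocked"];

// Classify the source list of one frame-ancestors directive.
function classifyAncestors(sources) {
  const real = sources.filter((s) => s !== "'none'");
  if (real.length === 0) return "blocked"; // 'none' or empty list
  // A wildcard or a bare scheme admits arbitrary third-party origins.
  if (real.some((s) => s === "*" || /^https?:$/.test(s))) return "framable";
  if (real.every((s) => s === "'self'")) return "same-origin";
  return "allowlist";
}

function framingPolicy(headers) {
  // Header names are case-insensitive; repeated headers arrive as arrays.
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = [].concat(v).join(",");
  }
  // Each comma-separated CSP policy is enforced independently.
  const verdicts = [];
  for (const policy of (h["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === "frame-ancestors") {
        verdicts.push(classifyAncestors(sources.map((s) => s.toLowerCase())));
        break; // only the first frame-ancestors in a policy counts
      }
    }
  }
  // When frame-ancestors is present, X-Frame-Options is ignored.
  if (verdicts.length > 0) {
    return verdicts.reduce((a, b) => (RANK.indexOf(a) >= RANK.indexOf(b) ? a : b));
  }
  const xfo = new Set((h["x-frame-options"] || "").split(",")
    .map((s) => s.trim().toLowerCase()).filter(Boolean));
  // DENY, or conflicting values, block framing entirely.
  if (xfo.has("deny") || xfo.size > 1) return "blocked";
  if (xfo.has("sameorigin")) return "same-origin";
  return "framable"; // header missing, or obsolete ALLOW-FROM (ignored)
}

// Constructed sample: a response relying on the obsolete ALLOW-FROM value.
const sample = { "X-Frame-Options": "ALLOW-FROM https://partner.example" };
console.log(framingPolicy(sample)); // framable
```

A "framable" verdict on a page that carries state-changing controls is the condition that makes the overlay possible; "allowlist" results deserve a manual look at the listed origins.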
