Presentation is loading. Please wait.

Presentation is loading. Please wait.

Clickjacking.

Published byJoão Pedro Castanho Rosa Modified over 5 years ago

Similar presentations

Presentation on theme: "Clickjacking."— Presentation transcript:

1 Clickjacking

2 First, make a tempting site

3 <style>iframe {
width:300px; height:100px; position:absolute; top:0; left:0; filter:alpha(opacity=00); opacity:0.0; }</style> <iframe src="

4 iframe is invisible, but still clickable!

5 X-Frame-Options HTTP Response Header
// to prevent all framing of this content response.addHeader( "X-FRAME-OPTIONS", "DENY" ); // to allow framing of this content only by this site response.addHeader( "X-FRAME-OPTIONS", "SAMEORIGIN" ); // to allow framing from a specific domain response.addHeader( "X-FRAME-OPTIONS", "ALLOW-FROM X" );

6 Legacy Browser Clickjacking Defense
<style id="antiCJ">body{display:none !important;}</style> <script type="text/javascript"> if (self === top) { var antiClickjack = document.getElementByID("antiCJ"); antiClickjack.parentNode.removeChild(antiClickjack) } else { top.location = self.location; } </script> Put this all in the HEAD tag

Download ppt "Clickjacking."

Similar presentations

CS193H: High Performance Web Sites Lecture 19: Vol 2 – Load Scripts Without Blocking Steve Souders Google

CS193H: High Performance Web Sites Lecture 19: Vol 2 – Load Scripts Without Blocking Steve Souders Google
The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.

The OWASP Foundation Web Application Security Host Apps Firewall Host Apps Database Host Web serverApp serverDB server Securing the.
Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
Introduction to Web Site Development Steven Emory Department of Computer Science California State University, Los Angeles Lecture 4: Tables and Frames.

Introduction to Web Site Development Steven Emory Department of Computer Science California State University, Los Angeles Lecture 4: Tables and Frames.
New Computer Security Threat - ClickJacking Ehab Ashary CS591-F2010 University of Colorado, Colorado Springs Dr. C.Edward Chow.

New Computer Security Threat - ClickJacking Ehab Ashary CS591-F2010 University of Colorado, Colorado Springs Dr. C.Edward Chow.
Web Same-Origin-Policy Lab Zutao Zhu 11/06/2009. Outline Background Setting SOP.

Web Same-Origin-Policy Lab Zutao Zhu 11/06/2009. Outline Background Setting SOP.
HTML Code. What we will cover Basic HTML Body Font Images Hyperlinks Tables Frames.

HTML Code. What we will cover Basic HTML Body Font Images Hyperlinks Tables Frames.
Chapter 6 Working with Frames.

Chapter 6 Working with Frames.
VARS – Website Creation Planning to create one Updating an existing one For a hobby For the family To Share (Files, Photographs, or whatever) WHY?

VARS – Website Creation Planning to create one Updating an existing one For a hobby For the family To Share (Files, Photographs, or whatever) WHY?
Cascading Style Sheet Basics Pepper. Looking at the HTML See the surrounding tags See head, body, paragraph, header See the ending tags See the list.

Cascading Style Sheet Basics Pepper. Looking at the HTML See the surrounding tags See head, body, paragraph, header See the ending tags See the list.
Scott Marino MSMIS Summer Session 1 - 2001 Web Site Design and Authoring Session 9 Scott Marino.

Scott Marino MSMIS Summer Session Web Site Design and Authoring Session 9 Scott Marino.
HTML and CSS- Layout. HTML Layout Frame Table – Block HTML5 layout elements.

HTML and CSS- Layout. HTML Layout Frame Table – Block HTML5 layout elements.
Title, meta, link, script.  The title looks like:  The tag defines the title of the document in the browser toolbar.  It also: ◦ Provides a title for.

Title, meta, link, script.  The title looks like:  The tag defines the title of the document in the browser toolbar.  It also: ◦ Provides a title for.
HTML: Tables & Frames Internet Technology1. HTML: Tables Table tags ► surround the entire table ► header row (text is boldfaced) ► surround each row ►

HTML: Tables & Frames Internet Technology1. HTML: Tables Table tags ► surround the entire table ► header row (text is boldfaced) ► surround each row ►
(draft-ietf-websec-frame-options-00 and draft-ietf-websec-x-frame-options-00) David Ross, Tobias Gondrom July 2012 Frame-Options 1.

(draft-ietf-websec-frame-options-00 and draft-ietf-websec-x-frame-options-00) David Ross, Tobias Gondrom July 2012 Frame-Options 1.
Copyright 2007, Information Builders. Slide 1 Understanding Basic HTML Amanda Regan Technical Director June, 2008.

Copyright 2007, Information Builders. Slide 1 Understanding Basic HTML Amanda Regan Technical Director June, 2008.
INTRODUCTION TO HTML5 Semantic Layout in HTML5.  The new semantic layout in HTML5 refers to a new class of elements that is designed to help you understand.

INTRODUCTION TO HTML5 Semantic Layout in HTML5.  The new semantic layout in HTML5 refers to a new class of elements that is designed to help you understand.
Pete LePage Senior Product Manager Microsoft Corporation SESSION CODE: WEB301.

Pete LePage Senior Product Manager Microsoft Corporation SESSION CODE: WEB301.
HTML : Forms, Frames Instructor: Mr. Ahmed Al Astal ITGD4104 Department Requirement for senior student University of Palestine Faculty of IT.

HTML : Forms, Frames Instructor: Mr. Ahmed Al Astal ITGD4104 Department Requirement for senior student University of Palestine Faculty of IT.
Table Row Table Data ( Header & Data) Data Cell Padding TABLE.

Table Row Table Data ( Header & Data) Data Cell Padding TABLE.

Similar presentations

Ads by Google