External Link
https://doi.org/10.1145/2523514.2523538
BibTeX
@inproceedings{10.1145/2523514.2523538, author = {Shahriar, Hossain and Devendran, Vamshee Krishna and Haddad, Hisham}, title = {ProClick: a framework for testing clickjacking attacks in web applications}, year = {2013}, isbn = {9781450324984}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/2523514.2523538}, doi = {10.1145/2523514.2523538}, abstract = {Clickjacking attacks are an emerging threat on the web. An attacker application presents a User Interface (UI) element of a target application out of context, such as hiding sensitive UI element by making it transparent to the end user. The user is tricked to click on the hidden element out of context. These attacks can cause severe damages such as compromising webcams and posting unintended messages. A large number of websites are still vulnerable to clickjacking and have no minimal protection at the server side (e.g., frame busting, X-Frame-Options header). Further, client-side defense techniques have been ineffective to deal with sophisticated clickjacking attack types and suffer from performance issues. This paper presents a proxy-level framework, ProClick, to detect clickjacking attacks. ProClick examines the content of requests and response pages at the proxy level to detect clickjacking attacks. We evaluate the proposed approach with a set of legitimate and malicious websites. The results indicate that our approach has low false positive and false negative rates. The overhead imposed by the proposed approach is also very negligible.}, booktitle = {Proceedings of the 6th International Conference on Security of Information and Networks}, pages = {144–151}, numpages = {8}, keywords = {x-frame-options, proxy, iframe, clickjacking, UI redressing, ProClick}, location = {Aksaray, Turkey}, series = {SIN ‘13} }