https://dl.acm.org/doi/10.1145/2695664.2695946
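@inproceedings{10.1145/2695664.2695946,
  author    = {Shahriar, Hossain and Haddad, Hisham},
  title     = {Security Assessment of Clickjacking Risks in Web Applications: Metrics Based Approach},
  booktitle = {Proceedings of the 30th Annual {ACM} Symposium on Applied Computing},
  series    = {SAC '15},
  year      = {2015},
  pages     = {791--797},
  numpages  = {7},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  venue     = {Salamanca, Spain},
  isbn      = {9781450331968},
  doi       = {10.1145/2695664.2695946},
  url       = {https://doi.org/10.1145/2695664.2695946},
  keywords  = {software, risk assessment, iframe, framebusting, clickjacking, auditing, application security metrics, X-Frame-Options},
  abstract  = {Clickjacking attacks steal user clicks through the generation of webpages overlaying legitimate webpages. These attacks redirect user clicks to attacker controlled webpages. Redirection of clicks can cause various unwanted activities and damages to users, such as liking a user profile not known to the victim on social networking websites, and changing of webcam setting revealing personal images and videos. There are little known systematic methodologies to compute the risk caused by clickjacking attacks. This paper presents an approach to compute the risk level of clickjacking attacks for deployed applications. In particular, our contribution is a proposed set of metrics to quantify the magnitude of attack prevalence through analysis of relevant code level features and defense mechanisms to prevent the attacks. The risk computation enables practitioners to understand whether more mitigation techniques are needed to prevent losses due to clickjacking attacks. We validated the proposed metrics using open source PHP web applications. Our evaluation indicates that some popular web applications are still vulnerable to clickjacking attacks and they require further protection at the implementation and environmental levels.},
  annote    = {Reviewer note: the framing defenses this paper evaluates are framebusting scripts and the X-Frame-Options response header (see keywords), measured against 2015-era open-source PHP applications. Treat its per-application vulnerability findings as historical; when citing it for mitigation guidance, check current recommendations (e.g. CSP frame-ancestors), which are not among the defenses assessed here. The conference city is kept in venue rather than address because address is the publisher's city in BibTeX/biblatex.},
}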