Clickjacking Flashcards
1
Q
What’s clickjacking?
A
a UI-redressing attack in which the attacker tricks a user into clicking a hidden or disguised element, usually a page of the target site loaded invisibly on top of attacker-controlled content, so the click performs an action on the target site that the user never saw
2
Q
What’s the goal of clickjacking?
A
hijack the user's clicks (and sometimes keystrokes) so that actions such as changing settings, confirming a transaction or granting a permission are performed in the user's existing authenticated session, without their knowledge or consent
3
Q
How do attackers exploit clickjacking?
A
by embedding the target application in an iframe that is made transparent (or clipped to show only one button) and positioned over a decoy page; the user thinks they are clicking the decoy, but the click lands on the framed target, which is loaded with the user's own session
4
Q
What are the potential consequences of clickjacking?
A
- Unauthorized Actions
- clicks are turned into state-changing requests (changing settings, confirming a purchase or transfer) in the user's authenticated session
- Information Theft
- the user is induced to click controls that expose or share their data, such as an "allow" or "share" button on the framed page
- Social Engineering
- by overlaying legitimate content with misleading elements, attackers manipulate user behavior, such as granting permissions or sharing content unknowingly
5
Q
What is the prevention and mitigation for clickjacking?
A
- Frame Busting Techniques
- JavaScript that checks whether the page is framed (top !== self) and breaks out of the frame; treat this as a last-resort fallback only, since it is bypassable (for example an attacker iframe with the sandbox attribute disables the script), and rely on the response headers below instead
- Content Security Policy (CSP)
- send a CSP with the frame-ancestors directive: frame-ancestors 'none' forbids framing entirely, 'self' allows only same-origin framing, and an explicit list of origins allows chosen partners; this is the standardized control and, when present, browsers ignore X-Frame-Options in its favor
- X-Frame-Options Header
- set X-Frame-Options: DENY or X-Frame-Options: SAMEORIGIN as a fallback for older browsers that predate CSP frame-ancestors; the ALLOW-FROM value is deprecated and not enforced by current browsers, so never rely on it
- UI Design and Feedback
- design web interfaces so that sensitive actions give clear visual feedback when they are performed and, where the risk warrants it, require a confirmation the attacker cannot pre-position, such as re-entering a password
- User Awareness
- educate users about the risks of interacting with unfamiliar or suspicious websites and encourage caution when clicking links, while remembering that a well-built overlay is invisible to the user, so awareness cannot replace the server-side headers
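The following is an added example and is not part of these flashcards. It illustrates card 3 (how the attack is built) and card 5 (how the headers stop it): buildClickjackDecoy produces the attacker's page with the transparent iframe overlay, antiClickjackHeaders returns the defensive headers, and framingDecision is a simplified model of how a browser decides whether a page may be framed. The origins bank.example, evil.example and partner.example are made-up values; the model checks only the top-level embedding origin (real browsers check every ancestor frame) and does not handle comma-separated or conflicting X-Frame-Options values.

```javascript
// Added example, not from the flashcards: the attacker's transparent-iframe
// overlay, the two response headers that block it, and a simplified model of
// how a browser decides whether a page may be framed.
// Assumptions: origins are canonical "scheme://host[:port]" strings, only the
// top-level embedder is checked (browsers check every ancestor frame), and
// comma-separated / conflicting X-Frame-Options values are not modelled.

// Attack side. The victim page sits in an iframe with opacity 0, stacked above
// a decoy button at the same screen position, so the user's click goes to the
// victim's real button. targetUrl and decoyLabel are whatever the attacker wants.
function buildClickjackDecoy(targetUrl, decoyLabel) {
  return `<!doctype html><html><head><style>
  #decoy  { position:absolute; top:200px; left:200px; padding:12px; z-index:1; }
  #target { position:absolute; top:0; left:0; width:800px; height:600px;
            opacity:0; border:0; z-index:2; }  /* invisible, but on top */
</style></head><body>
  <button id="decoy">${decoyLabel}</button>
  <iframe id="target" src="${targetUrl}"></iframe>
</body></html>`;
}

// Defence side: headers to send. CSP frame-ancestors is the authoritative
// control; X-Frame-Options is added only where it can express the same policy,
// for browsers that predate CSP frame-ancestors.
function antiClickjackHeaders(allowedAncestors = []) {
  const list = allowedAncestors.length ? allowedAncestors.join(' ') : "'none'";
  const headers = { 'Content-Security-Policy': `frame-ancestors ${list}` };
  if (!allowedAncestors.length) headers['X-Frame-Options'] = 'DENY';
  else if (allowedAncestors.length === 1 && allowedAncestors[0] === "'self'")
    headers['X-Frame-Options'] = 'SAMEORIGIN';
  return headers;
}

// Returns the frame-ancestors source list, or null when the directive is absent.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

// Does one frame-ancestors source admit the embedding origin?
function sourceMatches(source, pageOrigin, embedderOrigin) {
  const src = source.toLowerCase(), emb = embedderOrigin.toLowerCase();
  if (src === "'self'") return emb === pageOrigin.toLowerCase();
  if (src === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return emb.startsWith(src);  // scheme source, e.g. "https:"
  // host source: a bare host inherits the page's scheme, "*." matches one subdomain label
  const full = src.includes('://') ? src : `${pageOrigin.split('://')[0].toLowerCase()}://${src}`;
  const re = '^' + full.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '[^.]+') + '$';
  return new RegExp(re).test(emb);
}

// Simplified browser decision: may embedderOrigin put pageOrigin in an iframe?
function framingDecision(headers, pageOrigin, embedderOrigin) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const ancestors = h['content-security-policy'] ? parseFrameAncestors(h['content-security-policy']) : null;
  if (ancestors) {
    // When frame-ancestors is present, X-Frame-Options is ignored entirely.
    const none = ancestors.length === 0 ||
      (ancestors.length === 1 && ancestors[0].toLowerCase() === "'none'");
    const allowed = !none && ancestors.some(s => sourceMatches(s, pageOrigin, embedderOrigin));
    return { allowed, reason: 'CSP frame-ancestors' };
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
  if (xfo === 'SAMEORIGIN')
    return { allowed: embedderOrigin.toLowerCase() === pageOrigin.toLowerCase(),
             reason: 'X-Frame-Options: SAMEORIGIN' };
  // ALLOW-FROM, empty and unrecognised values are not enforced by current browsers: framing proceeds.
  return { allowed: true, reason: xfo ? `unenforced X-Frame-Options "${xfo}"` : 'no framing restriction' };
}
```

The two cases worth trying by hand are a page that sends only X-Frame-Options: ALLOW-FROM (framingDecision lets the attacker frame it, which is what current browsers do) and a page that sends both DENY and a permissive frame-ancestors list (the CSP wins, so the partner origin is allowed despite DENY). This is why the answer to card 5 is to send frame-ancestors as the primary control and X-Frame-Options only as the fallback.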