Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking.

Slides:

Advertisements

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Advertisements

With Microsoft Access 2010© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 PowerPoint Presentation to Accompany GO! with Microsoft ® Access.

Clickjacking CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.

Session Hijacking Why web security depends on communications security and how TLS everywhere is the only solution. Scott Helme - 6th Aug scotthel.me.

Video, audio, embed, iframe, HTML Form

New Computer Security Threat - ClickJacking Ehab Ashary CS591-F2010 University of Colorado, Colorado Springs Dr. C.Edward Chow.

Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.

Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 9: Frames © 2007 Prosoft Learning Corporation All rights reserved ITD 110 Web Page Design.

Copyright © 2004 ProsoftTraining, All Rights Reserved. Lesson 9: HTML Frames.

HTML Lesson 5 TBE 540. Prerequisites The user must be able to… –Create basic web pages with a text editor and/or a web page editor.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

 What I hate about you things people often do that hurt their Web site’s chances with search engines.

Audio and Video on the Web Sec 5-12 Part or all of this lesson was adapted from the University of Washington’s “Web Design & Development I” Course materials.

© 2008 The McGraw-Hill Companies, Inc. All rights reserved. M I C R O S O F T ® Preparing for Electronic Distribution Lesson 14.

CpSc 462/662: Database Management Systems (DBMS) (TEXNH Approach) HTML Basics James Wang.

WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.

 2004 Prentice Hall, Inc. All rights reserved. Chapter 13 - Dynamic HTML: Object Model and Collections Outline 13.1 Introduction 13.2 Object Referencing.

CSCI N241: Fundamentals of Web Design Copyright ©2004  Department of Computer & Information Science Adding Sound.

HTML Essentials HyperText. Why HyperText ? Hypertext is text or pictures which reference other pages which the reader can immediately access Hypertext.

Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Tutorial 7 Working with Multimedia. XP Objectives Explore various multimedia applications on the Web Learn about sound file formats and properties Embed.

HTML: Tables & Frames Internet Technology1. HTML: Tables Table tags ► surround the entire table ► header row (text is boldfaced) ► surround each row ►

CHAPTER 11 Spoofing Attack. INTRODUCTION Definition Spoofing is the act of using one machine in the network communication to impersonate another. The.

Securing Embedded User Interfaces: Android and Beyond Franziska Roesner and Tadayoshi Kohno University of Washington Mohamed Grissa A presentation of USENIX.

C HAPTER Social Networking Using Pinterest 6 Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall.

How To Add Flair To Your Site Maureen Enright, Elyse Kuriata, Nathan Boes, Hodge.

 We live in an information age where it's very easy to publish on the Internet. The average person can write their own blog and add to Wikipedia. Anything.

 2004 Prentice Hall, Inc. All rights reserved. Introduction to XHTML: Part 2 Outline frameset Element 5.10 Nested frameset s.

 2003 Prentice Hall, Inc. All rights reserved. Introduction to HTML: Frames Outline 1 Introduction 2 frameset Element 3 Nested frameset s 4 Web Resources.

Concepts  messages are passed through the internet by using a protocol called simple mail transfer protocol.  The incoming messages are.

 2004 Prentice Hall, Inc. All rights reserved. Chapter 13 - Dynamic HTML: Object Model and Collections Outline 13.1 Introduction 13.2 Object Referencing.

Videos. Adding Videos to a Web Page Videos can make our pages more interesting and engaging. Most video-hosting services, such as YouTube, will provide.

Workflows II: Collect feedback for a file How to collect feedback Collecting feedback for a file can be challenging. However, if you save a file to a document.

Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.

1 CSC317/318 INTERNET PROGRAMING / DYNAMIC WEB APPLICATION DEVELOPMENT Siti Nurbaya Ismail Faculty of Computer Science & Mathematics, Universiti Teknologi.

Technical Awareness on Analysis of Headers.

 Web pages originally static  Page is delivered exactly as stored on server  Same information displayed for all users, from all contexts  Dynamic.

Adapted from  2012 Prentice Hall, Inc. All rights reserved. 5 th ed: Chapter 2 and th ed: 4.11 SY306 Web and Databases for Cyber Operations.

ACM Conference on Computer and Communications Security 2006 Puppetnet: Misusing web browsers as a distributed attack infrastructure Network Seminar Presenter:

Compare and Contrast : Blackboard & a Personal Web Page www3.ltu.edu/~s_schneider/howto/faculty.htm You’ll find this presentation (and another) here :

Department of Computer Science, Florida State University CGS 3066: Web Programming and Design Spring Forms, HTML5 layout.

 AJAX technology  Rich User Experience  Characteristics  Real live examples  JavaScript and AJAX  Web application workflow model – synchronous vs.

Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure Paper By : V.T.Lam, S.Antonatos, P.Akritidis, K.G.Anagnostakis Conference : ACM.

29 Copyright © 2009, Oracle. All rights reserved. Administering the Oracle Business Intelligence Presentation Catalog.

Site Development Foundations © 2004 ProsoftTraining All rights reserved.

Jacking Drishti Wali Prashant Kumar. UI Redress Attack  Clickjacking also known as "UI redress attack or User Interface redress attack", is a malicious.

Chapter 8 Adding Multimedia Content to Web Pages HTML5 & CSS 7 th Edition.

CHAPTER 8 Multimedia 1. Using Multimedia ❖ Multimedia: the combination of text, sound, and video to express an idea or convey a message. ❖ Podcasts: a.

SlideSet #20: Input Validation and Cross-site Scripting Attacks (XSS) SY306 Web and Databases for Cyber Operations.

By : Praveen Tiwari.  It is a malicious technique of tricking a web user into clicking on something different to what the user perceives they are clicking.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Objective % Select and utilize tools to design and develop websites.

links and attachments: Help stop malware from spreading

Objective % Select and utilize tools to design and develop websites.

Protect crypto exchange website from hackers

Auditing Etsy The Security of Etsy

Faculty of Science IT Department By Raz Dara MA.

About Multimedia Files

Exercise 55 - Skills Slices and rollovers are useful interactive elements you can add to your Fireworks documents. Slices not only enable you to add features.

11.1 Applets & graphics.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems

HTML5 Audio & Video By Derek Peacock

Cross-Site Scripting Attack (XSS)

Cross Site Request Forgery (CSRF)

Presentation transcript:

Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking

Adapted from  2004 Prentice Hall, Inc. All rights reserved.

Imagine an attacker who builds a web site that has a button on it that says “click here for a free iPod”. However, on top of that web page, the attacker has loaded an with your mail account, and lined up exactly the “delete all messages” button directly on top of the “free iPod” button. The victim tries to click on the “free iPod” button but instead actually clicked on the invisible “delete all messages” button. In essence, the attacker has “hijacked” the user’s click, hence the name “Clickjacking”.

Adapted from  2004 Prentice Hall, Inc. All rights reserved. The tag specifies an inline frame. An inline frame is used to embed another document within the current HTML document.

Adapted from  2004 Prentice Hall, Inc. All rights reserved. Clickjacking Attackers load a page over another page in a transparent layer. The users think that they are clicking visible buttons, while they are actually performing actions on the hidden/invisible page. The hidden page may be an authentic page; therefore, the attackers can trick users into performing actions which the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.

Adapted from  2004 Prentice Hall, Inc. All rights reserved. By loading Adobe Flash plugin settings page into an invisible iframe, an attacker could trick a user into altering the security settings of Flash, giving permission for any Flash animation to utilize the computer's microphone and camera. Twitter worm. This clickjacking attack convinced users to click on a button which caused them to re-tweet the location of the malicious page, and propagated massively. Attackers can trick logged-in Facebook users to arbitrarily like fan pages, links, groups, etc Past Clickjacking attacks

Adapted from  2004 Prentice Hall, Inc. All rights reserved. Defense NoScript- Mozilla add-on prevents users from clicking on invisible or "redressed" page elements of embedded documents or applets. Guarded ID- Forces all iframes to become visible Framekiller- web server does NOT allow itself to be framed ie(facebook, gmail, etc)