Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Study of clickjacking vulerabilities on popular sites SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Study of clickjacking vulerabilities on popular sites

If you are looking for some activity on this sunday afternoon (2:37 PM GMT-5 here in Medellín, Colombia), I strongly suggest you to review the excellent paper published by Gustav Rydstedt, Elie Bursztein, Dan Boneh from Stanford University about clickjacking attacks and how to put in place proper defense against them.

Download the paper here: http://seclab.stanford.edu/websec/framebusting/framebust.pdf

 -- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

194 Posts
ISC Handler
Jun 27th 2010
The paper shows how to implement a default deny policy that does not rely on scripts running. Then, methods to block or break frame-busting code are not useful. I wonder what comes next...
Anonymous

Sign Up for Free or Log In to start participating in the conversation!