Clickjacking is an attack in which a threat actor layers multiple transparent or opaque elements over a page to trick users into clicking a link or another component of a web application, redirecting them to a different page (often a malicious website). Clickjacking is also known as a “UI redress vulnerability” or “UI redress attack”.
Clickjacking attacks involve a degree of social engineering to trick users into clicking the affected components or links, which then redirect them to a malicious website.
Certain clickjacking vulnerabilities can also allow user keystrokes to be hijacked. For instance, an attacker can craft or modify a combination of CSS stylesheets, iframes, and web forms so that users believe they are typing a password into a web application, while they are in fact typing it into an invisible frame controlled by the attacker.
Preventing Clickjacking Vulnerabilities
The following are a few methods to prevent clickjacking vulnerabilities and the attacks that exploit them:
The following additional resources provide detailed information on how to prevent clickjacking vulnerabilities: