Pages: 24
Rating : ⭐⭐⭐⭐⭐
Price: $10.99
Page 1 Preview
serverside approaches clickjacking detectionbrad h

Server-side approaches clickjacking detectionbrad hill

Server-side approaches to clickjacking detection

Brad Hill, PayPal

• Also doesn’t stop pop-under-and-close attacks

Drawbacks of client-enforced screenshot approach
• Incomplete coverage of attack scenarios – Fake mouse cursor, attention stealing attacks

Adaptive UI Randomization

• Clickjacking attacks are still subject to the read restrictions of the same-origin policy

• Attacker can profit even at a small success rate

• Few interfaces allow randomization among a large number of locations without creating a very poor user experience


• Associate possible clickjacking targets with a beneficiary or beneficiaries

Look at first-click miss rates,


• Can’t distinguish individual clickjacking attempts

• But a campaign of clickjacking will quickly
show up – the missed click rate for that bucket will rise above the natural missed click rate


Sensitivity of Clickjacking Detection
at two standard deviations from natural missed click rate

Clickjacking attempts per 100 clicks



1 2 3 4 5 6 7 8 9
M=3%, σ=1%

M=25%, σ=2%

Pretty good…

Conversion Rate Improvement with clickjacking before detection at 2σ


Percentage increase in conversion
1 2 3 4 5 6 7 8 9

N (number of randomized locations)

M=3%, σ=1%

M=25%, σ=2%

• Instead of turning off service, can trigger a switch to a functional, if less optimal, interface that is more clickjacking resistant
– Popup in dedicated context with X-Frame-Options – Add a CAPTCHA or re-verify credentials
– These responses can be completely automated, and combined with manual investigation according to standard anti-fraud practices



You are viewing 1/3rd of the document.Purchase the document to get full access instantly

Immediately available after payment
Both online and downloadable
No strings attached
How It Works
Login account
Login Your Account
Place in cart
Add to Cart
send in the money
Make payment
Document download
Download File

Uploaded by : Richard Marshall

PageId: ELIC53BF41