Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites

Gustav Rydstedt; Elie Bursztein; Dan Boneh; Collin Jackson

clickjacking

Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites

By Gustav Rydstedt, Elie Bursztein, Dan Boneh, Collin Jackson @W2SP 2010

0 reaction(s) | 2405 downloads

We study frame busting defense for the Alexa Top-500 sites and show that all can be broken. Some attacks are browser-specific, other exploit code mistakes. We conclude with practical recommendations how to implement a secure frame busting defense.

Downloads

paper

slides

You might also like reading

Clickjacking 2010

Framing Attacks on Smartphones Dumb Routers and Social Sites Tap-jacking Geo-localization and Framing Leak Attacks

Blog 2011

What Phishing Sites Look Like Study

Mobile 2012

SessionJuggler Secure Web Login from an Untrusted Terminal Using Session Hijacking

Embedded devices 2009

XCS cross channel scripting and its impact on web applications

Web security 2010

An Analysis of Private Browsing Modes in Modern Browsers

Comments

About me

Researcher at Google, specializing in Internet security and privacy.

Latest blog posts

Blog posts loading requires that you enable javascript.

@INPROCEEDINGS {
title	= {Busting Frame Busting a Study of Clickjacking Vulnerabilities on Popular Sites}
author	= {Gustav Rydstedt and Elie Bursztein and Dan Boneh and Collin Jackson}
booktitle	= {Web 2.0 Security and Privacy 2010(W2SP)}
year	= {2010}
month	= {May}
url	= {\url{http://elie.im/publication/busting-frame-busting-a-study-of-clickjacking-vulnerabilities-on-popular-sites}}
}