Busting frame busting: a study of clickjacking vulnerabilities on popular sites

Conference: Web 2.0 Security and Privacy
Authors: Gustav Rydstedt, Elie Bursztein, Dan Boneh, Collin Jackson
Bibtex Citation

@inproceedings{RYDSTEDT2010BUSTING,
  title = {Busting frame busting: a study of clickjacking vulnerabilities on popular sites},
  author = {Rydstedt, Gustav and Bursztein, Elie and Boneh, Dan and Jackson, Collin},
  booktitle = {Web 2.0 Security and Privacy},
  year = {2010},
  organization = {IEEE}
}

Web framing attacks such as clickjacking use iframes to hijack a user’s web session. The most common defense, called frame busting, prevents a site from functioning when loaded inside a frame. We study frame busting practices for the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.
