How to Secure your Website from Clickjacking

Product Engineering
August 03rd, 2017
Posted By: Kellton

The recent ransomware attack has prompted discussion of “clickjacking.” Clickjacking, also known as a UI redress attack, tricks users into making fraudulent purchases. Hackers steal confidential information such as credit card details and use it without the user’s knowledge. Such cyber-attacks are difficult to track because the victim is led to interact with a fictitious webpage created by the hacker.

What is it?

A clickjack is embedded code or script that runs when a user clicks a button that does something other than what it appears to do. For example, a user receives an email containing a link to a news video. When they follow the link to the page, they are not aware that a hidden page, which might be a product page on Amazon.com, is placed on top of or below the ‘Play’ icon on the video. When the user plays the news video, they are actually purchasing the linked product. With a single click, the hacker is able to acquire the user’s complete information from Amazon.com.

Other common examples include:

  • Tricking users into enabling their webcam/microphone through Flash Player
  • Making users follow someone on Twitter and Facebook
  • Making users like/share Facebook links
  • Generating PPC revenue by having users click ads served through Google AdSense
  • Getting users to download and run malware that gives remote hackers access

How to Secure your Application?

Follow these steps to check whether your application is exposed to clickjacking:

#1: Download clickjacking-test.html

#2: The screen below will appear:

[Screenshot: ClickJacking Load]

#3: Enter the URL of your application in the ‘URL’ text field.

For example, https://www.hoganlovells.com/

Click on ‘Load’. If the following output appears on your screen, your application is not secured from clickjacking.

[Screenshot: Hogan]

#4: However, if the screen below appears after entering your application’s URL, your application is secure.

[Screenshot: Parent Frame]

How to Handle Clickjacking Vulnerabilities in your Application?

Add the following style and script to the head section of your webpage to ensure that your application is secure from clickjacking. The page is hidden by default and is revealed only when it is loaded as the top-level window.

<style id="antiClickjack">body{display:none !important;}</style>
<script type="text/javascript">
  // Reveal the page only when it is not inside a frame.
  if (self === top) {
    var antiClickjack = document.getElementById("antiClickjack");
    antiClickjack.parentNode.removeChild(antiClickjack);
  } else {
    // The page is framed: navigate the top-level window to this page.
    top.location = self.location;
  }
</script>

What Else can you do to Protect your Application?
 

When securing your application, consider these points:

  • Check the URL of the page you land on when you click a link. For example, if you want to purchase music from the iTunes site, the URL will read store.itunes.com. However, if the web page is clickjacked, the URL will be similar, with a minute difference that is visible only when you scrutinize it.

  • An extreme measure is to use only a text-based web browser, because it allows only textual input. This is not beneficial, however, as text-based browsers hamper the user experience.
     
  • Adopt other server-side protection measures.
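
Server-side protection against framing is normally delivered as response headers: X-Frame-Options or the Content-Security-Policy frame-ancestors directive. The following added example (not part of the original article) reads a response's headers and reports whether another origin could frame the page, which is what the manual test above checks by hand; the function names and sample header sets are constructed for illustration.

```javascript
// Added example (not from the original article). Decides from HTTP response
// headers whether a page can be framed by another origin.
// Input: object with lower-case header names; sample values are constructed.

// Return one frame-ancestors source list per CSP policy that declares it.
function frameAncestorLists(cspHeader) {
  const lists = [];
  for (const policy of (cspHeader || '').split(',')) {   // comma separates policies
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name === 'frame-ancestors') { lists.push(sources); break; } // first one counts
    }
  }
  return lists;
}

// A list blocks cross-origin framing unless it holds a wildcard or a bare scheme.
function isRestrictive(sources) {
  return !sources.some(s => s === '*' || s === 'http:' || s === 'https:');
}

function assessFraming(headers) {
  const lists = frameAncestorLists(headers['content-security-policy']);
  if (lists.length > 0) {
    // Browsers that support frame-ancestors ignore X-Frame-Options when it is set.
    // Every policy must allow the embedding, so one restrictive list is enough.
    return lists.some(isRestrictive)
      ? { protected: true, reason: 'CSP frame-ancestors restricts embedding' }
      : { protected: false, reason: 'CSP frame-ancestors allows any origin' };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny' || xfo === 'sameorigin') {
    return { protected: true, reason: 'X-Frame-Options: ' + xfo };
  }
  if (xfo.startsWith('allow-from')) {
    return { protected: false, reason: 'ALLOW-FROM is obsolete and ignored by current browsers' };
  }
  return { protected: false, reason: xfo ? 'unrecognised X-Frame-Options value' : 'no framing header set' };
}

// Constructed sample responses.
const samples = {
  none: {},
  legacy: { 'x-frame-options': 'SAMEORIGIN' },
  csp: { 'content-security-policy': "default-src 'self'; frame-ancestors 'self' https://partner.example" },
  open: { 'content-security-policy': 'frame-ancestors *', 'x-frame-options': 'DENY' },
};
for (const [name, h] of Object.entries(samples)) console.log(name, assessFraming(h));
```

The `open` sample shows a common misconfiguration: the permissive frame-ancestors directive overrides the stricter X-Frame-Options header in browsers that support CSP.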