
Research On WEB Application Clickjacking Vulnerability And Defense Method

Posted on: 2013-01-09
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
GTID: 2248330395956575
Subject: Cryptography
Abstract/Summary:
Many SNS sites have appeared with the development of Web 2.0 technology. These sites take advantage of the real-time, responsive nature of technologies such as JavaScript and AJAX to give users an easier and faster browsing experience. The same technologies can also be used by attackers, and among the resulting attacks Clickjacking is the most threatening and advanced. With it, an attacker can deceive a user into unknowingly carrying out a preset sequence of actions and thereby achieve a specific purpose.

This paper gives a full analysis of Clickjacking and of the advanced exploitation of Clickjacking vulnerabilities, and summarizes the detection and defense techniques for Clickjacking. The main contributions are as follows:

1. Improves the click and drag-and-drop testing functions. To address the Clickjacking tool's shortcomings in click and drag-and-drop testing, a click testing module and a drag-and-drop testing module are added, combining web page analysis with dragging technology.
2. Designs and implements a Clickjacking vulnerability detection function. To address the Clickjacking tool's shortcoming in vulnerability detection, a defense testing module is added, based on research into the Frame Busting code defense technique and the X-FRAME-OPTIONS defense mechanism.
3. Designs and implements a CAPTCHA-based defense against Clickjacking vulnerabilities. The features of CAPTCHA technology are analyzed, and a server-side defense against Clickjacking is achieved by combining it with random button technology.
4. Tests some important global websites with the improved Clickjacking tool, analyzes the potential security problems found, and further demonstrates that the tool is easy to use and effective.
Keywords/Search Tags:Clickjacking, Web security, CAPTCHA, drag-and-drop, Frame Busting