Home > Articles > Security > General Security and Privacy

  • Print
  • + Share This
Like this article? We recommend

Mitigations

How can you protect yourself and ensure that no one can clickjack your web applications? From a user's perspective, very little can be done. The previous example no longer works (at least in theory) because Adobe has released an urgent patch to fix the design bug—but only for Adobe's Flash plug-in. Check that you have the latest version of Flash. If not, you're vulnerable, and you should patch immediately.

If you use Firefox, try the excellent NoScript extension from Giorgio This extension may not be suitable for all types of users, but at least you should feel more secure with it than without it. The NoScript extension tries to prevent clickjacking as well as several other known web attacks. Keep in mind that bad guys often find ways around security products, however, so you still need to be cautious online. If possible, question everything into which you type information and everything you click. Even security researchers and penetration testers find it difficult to protect themselves, so you're not alone in this game.

You don't have many options if you're using any browser other than Firefox.

Web/application developers should try to make sure that their code isn't vulnerable to clickjacking. You can use a technique known as frame busting, which simply tries to prevent your page from being loaded in arbitrary IFRAMEs. Unfortunately, frame-busting code doesn't always work as advertised, and you may break certain parts of your application by using frame busting inappropriately. I won't provide any frame-busting code here, as some readers may simply copy and paste it without giving it a second thought. Plenty of resources are available online for finding frame-busting code; examine the possibilities and make up your own mind. If possible, use the help of skilled security consultants who have a good understanding of the latest and greatest in the web application and client-side security world. It pays off in the long term.

My last word of advice is to be cautious with everything that you do online. Rather than World Wide Web, these days WWW seems to stand for Wild Wild Web.

  • + Share This
  • 🔖 Save To Your Account