{"title":"点击劫持的课程模块","authors":"L. Simpkins, Xiaohong Yuan, Jung Hee Kim","doi":"10.1145/2670739.2670750","DOIUrl":null,"url":null,"abstract":"Clickjacking is a form of UI-Redress where a victim thinks they are browsing the webpage they see, but click actions are actually on a hidden webpage. Methods for detecting and preventing clickjacking attacks are available, however. One of these methods should be included to let the website recognize it is in an iFrame, and then \"break\" out of the frame, i.e. refresh the page directly to its URL, or not load the page in the first place. Currently it is important to increase the implementation rate of these methods in websites. This paper introduces a clickjacking course module which includes a tutorial of clickjacking, and a hands-on lab. Our teaching experience with this course module is discussed. This course module can be adopted in web security or network security courses introducing how clickjacking works.","PeriodicalId":331424,"journal":{"name":"Proceedings of the 2014 Information Security Curriculum Development Conference","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A course module on clickjacking\",\"authors\":\"L. Simpkins, Xiaohong Yuan, Jung Hee Kim\",\"doi\":\"10.1145/2670739.2670750\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Clickjacking is a form of UI-Redress where a victim thinks they are browsing the webpage they see, but click actions are actually on a hidden webpage. Methods for detecting and preventing clickjacking attacks are available, however. One of these methods should be included to let the website recognize it is in an iFrame, and then \\\"break\\\" out of the frame, i.e. refresh the page directly to its URL, or not load the page in the first place. Currently it is important to increase the implementation rate of these methods in websites. This paper introduces a clickjacking course module which includes a tutorial of clickjacking, and a hands-on lab. Our teaching experience with this course module is discussed. This course module can be adopted in web security or network security courses introducing how clickjacking works.\",\"PeriodicalId\":331424,\"journal\":{\"name\":\"Proceedings of the 2014 Information Security Curriculum Development Conference\",\"volume\":\"22 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2014 Information Security Curriculum Development Conference\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2670739.2670750\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2014 Information Security Curriculum Development Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2670739.2670750","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Clickjacking is a form of UI-Redress where a victim thinks they are browsing the webpage they see, but click actions are actually on a hidden webpage. Methods for detecting and preventing clickjacking attacks are available, however. One of these methods should be included to let the website recognize it is in an iFrame, and then "break" out of the frame, i.e. refresh the page directly to its URL, or not load the page in the first place. Currently it is important to increase the implementation rate of these methods in websites. This paper introduces a clickjacking course module which includes a tutorial of clickjacking, and a hands-on lab. Our teaching experience with this course module is discussed. This course module can be adopted in web security or network security courses introducing how clickjacking works.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
