Clickjacking

Clickjacking is a web security vulnerability where an attacker tricks a user into clicking on a hidden or disguised element on a webpage, often by overlaying it with a transparent or misleading layer. This technique can lead to unintended actions, such as making unauthorized purchases, changing account settings, or downloading malware, without the user's knowledge. It exploits the user's trust in the visible interface to manipulate their interactions.

Also known as: UI redressing, User interface redress attack, Click hijacking, UI manipulation, Frame overlay attack

Why learn Clickjacking?

Developers should learn about clickjacking to protect web applications from this type of attack, which is common in scenarios involving user authentication, financial transactions, or social engineering. Understanding clickjacking is crucial for implementing security measures like frame-busting scripts or Content Security Policy (CSP) headers to prevent UI redressing and ensure user actions are intentional. It's especially important for applications handling sensitive data or requiring user consent.
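As an added example (not part of the original page), the function below audits a response's headers for the anti-framing defenses mentioned above. The name `auditFraming` and the sample headers are constructed for illustration, and the `X-Frame-Options` header, which the page does not name, is included as the older header-based alternative to CSP `frame-ancestors`.

```javascript
// Added example: classify a response's anti-framing headers.
// Header names are matched case-insensitively; all sample inputs are constructed.
function auditFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors is checked first: browsers that support it
  // ignore X-Frame-Options when the directive is present.
  const csp = h['content-security-policy'] || '';
  for (const part of csp.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    if (sources.length === 0)
      return { ok: false, via: 'csp', reason: 'frame-ancestors lists no sources' };
    // A wildcard or a bare scheme (e.g. https:) lets arbitrary sites frame the page.
    const open = sources.find(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s));
    if (open) return { ok: false, via: 'csp', reason: `permissive source ${open}` };
    return { ok: true, via: 'csp', reason: sources.join(' ') };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN')
    return { ok: true, via: 'xfo', reason: xfo };
  if (xfo.startsWith('ALLOW-FROM'))
    return { ok: false, via: 'xfo', reason: 'ALLOW-FROM is obsolete in current browsers' };
  if (xfo) return { ok: false, via: 'xfo', reason: `unrecognized value ${xfo}` };
  return { ok: false, via: null, reason: 'no frame-ancestors or X-Frame-Options' };
}

// Constructed sample responses, from strict to unprotected.
const samples = [
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
  { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  { 'Content-Type': 'text/html' },
];
for (const s of samples) console.log(JSON.stringify(s), '=>', auditFraming(s));
```

The third sample is reported as unprotected because the permissive `frame-ancestors *` directive overrides the stricter `X-Frame-Options: DENY` in browsers that support CSP.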
