Tag: Clickjacking

What is clickjacking In simple words Clickjacking means users are tricked into clicking or keystroking on a different site/page making them think they are on their usual site. How can that be a problem from security point of view. Here is an example An example of Clickjacking Lets assume you own a website my_domain.com and you login to it everyday. If this site is not protected from clickjacking a hacker may be able to call this site in an iframe on some page hosted on his domain some_domain_owned_by_hacker.com Now the hacker also adds some javascript to this page which records users keystrokes. Through some means the hacker may trick you in clicking and opening this page. If you do not notice the domain name in the URL then you may feel that it is your own website and may even log in. Due to the keystroke recording script the hacker is then able to get your password. However you may feel that you always check the domain name before performing any transaction on a website and...