Secure360

Click-jacking: Old Dogs, Cheap Tricks and Easy Fixes

Identified in 2008, clickjacking may not be the latest web app vulnerability discovery, but it continues to exist on some of the top websites around the world. Clickjacking is an attack that tricks a web user into clicking a button, link, picture or other element that the user didn’t intend to click, typically by overlaying the web page with an iframe. This malicious technique can potentially expose confidential information or, less commonly, take control of the user’s computer. For example, on Facebook, a clickjack can lead to an unauthorized user spamming the entire network of friends from their account.

What’s particularly frustrating is that framebusting offers an easy fix – involving just three simple lines of code – and yet year after year, the same websites are dogged by this moldy vulnerability. During this session, a member of Qualys’ security research team will share information on the scope of this vulnerability across some of the top websites, as well as recommendations on how to put the right countermeasures in place to avoid being the next click-jacking victim.

Key learning points:
  • Learn more about the risks associated with clickjacking
  • Determine how/if your own web servers and apps are exposed
  • Understand how to implement framebusting techniques

About Frank Catucci

Frank Catucci is the Director of Web Application Security and an SME for Qualys. Aside from his daily Web Application Scanning and Application Security duties, Frank also conducts security research and freelance penetration testing, and often speaks at information security conferences and events such as BSides, OWASP and ISSA.

About Daniel Yang

As a Web Application Security Engineer at Qualys, Daniel Yang spends most of his time researching and evaluating the latest vulnerabilities while collecting real-time web performance data to better secure our customers’ web applications and environments. As an avid pen tester and security bug hunter, Daniel has discovered multiple vulnerabilities on some of the most popular web applications such as Joomla, PHPBB, Moodle and more. You can read more about Daniel’s research on the Qualys Community blog.

Details

Wednesday May 18, 2016
11:00 AM - 12:00 PM
Room 10&11
Level: Intermediate
Focus: Cybersecurity, GRC (Governance, Risk & Compliance)

Contact

For more information about UMSA events, contact: Marie Strawser

© 2021 Secure360. All rights reserved.