@inproceedings{e0e392da0255460a8d84f05e9eea2fcf,
title = "Performing Clickjacking Attacks in the Wild: 99\% are Still Vulnerable!",
abstract = "Clickjacking is an attack that tricks victims into clicking on invisible elements of a web page to perform unin- tended actions that might be advantageous for the attacker. To defend against clickjacking, many techniques have been proposed, but it is still questionable whether they are effectively deployed in practice. We investigated how vulnerable Korean websites are to clickjacking attacks by performing real attacks on the top 500 most popular Korean websites as well as all of the financial websites. Our results are quite significant: almost all Korean websites (99.6\%) that we looked at were vulnerable to clickjacking attacks. Extending our observation to top 500 global websites, we found that 390 of them (78\%) were also vulnerable to clickjacking attacks and identified which type of website is particularly insecure against clickjacking.",
keywords = "Clickjacking, Frame busting, Korean websites",
author = "Daehyun Kim and Hyoungshick Kim",
note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 1st International Conference on Software Security and Assurance, ICSSA 2015 ; Conference date: 27-07-2015",
year = "2017",
month = jan,
day = "10",
doi = "10.1109/ICSSA.2015.015",
language = "English",
series = "Proceedings - 2015 1st International Conference on Software Security and Assurance, ICSSA 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "25--29",
editor = "Jungwoo Ryoo and Hyoungshick Kim",
booktitle = "Proceedings - 2015 1st International Conference on Software Security and Assurance, ICSSA 2015",
}