Journal: International Journal of Engineering and Computer Science
Print ISSN: 2319-7242
Year of publication: 2015
Volume: 4
Issue: 6
Pages: 12652-12657
Publisher: IJECS
Abstract: In recent years, security vulnerabilities have continued to infect web applications and can cause vast security problems. The main idea is to implement a set of mechanisms in the browser that enforce a strict separation between different sources. This separation is achieved by preventing interaction between pages that are from different origins, where the origin of a page is usually defined as a combination of the domain name, the application layer protocol, and the TCP port number. The techniques we use are aimed at eliminating one such unwanted bug, namely clickjacking. The idea behind a clickjacking attack is simple: a malicious page is constructed such that it tricks users into clicking on an element of a different page that is only barely or not at all noticeable. Thus, the victim's click causes unintentional actions in the context of a legitimate website. Clickjacking attacks have been reported to be usable in practice to trick users into initiating money transfers, clicking on banner ads that are part of an advertising click fraud, posting blog or forum messages, or, in general, to perform any action that can be triggered by a mouse click. Our solution can be adopted by security experts to automatically test a large number of websites for clickjacking. The proposed iframe tag checking algorithm and DNSlookup checking algorithm are based on regex. Regex handles both internal and external faults efficiently and reduces the load time of iframe tag checking and DNSlookup using simple regex patterns. Thus the proposed algorithm overcomes the clickjacking attack more efficiently than existing defenses. The vulnerability to the attack can be measured by the deviation of the system state from the expected state. This deviation can be overcome by the security mechanism.