1
00:00:07,110 --> 00:00:10,040
- [Instructor] Clickjacking involves multiple transparent

2
00:00:10,040 --> 00:00:14,800
or opaque layers in order to induce a user

3
00:00:14,800 --> 00:00:18,040
to basically click on a web button or link

4
00:00:18,040 --> 00:00:21,700
on a page that the user was not intended

5
00:00:21,700 --> 00:00:23,710
to navigate or click.

6
00:00:23,710 --> 00:00:25,790
Clickjacking attacks are often referred to

7
00:00:25,790 --> 00:00:29,120
as UI redress attacks.

8
00:00:29,120 --> 00:00:33,230
Basically, user keystrokes can also be hijacked

9
00:00:33,230 --> 00:00:35,073
using clickjacking techniques.

10
00:00:35,920 --> 00:00:38,720
An attacker can launch a clickjacking attack

11
00:00:38,720 --> 00:00:43,720
by using a combination of CSS style sheets

12
00:00:44,130 --> 00:00:48,860
or iframes or text boxes to fool the user

13
00:00:48,860 --> 00:00:51,880
into entering information or to click

14
00:00:51,880 --> 00:00:54,890
on a malicious link that may be

15
00:00:54,890 --> 00:00:57,450
actually an invisible frame

16
00:00:57,450 --> 00:00:59,850
that then can be rendered from a site

17
00:00:59,850 --> 00:01:02,350
that the attacker created.

18
00:01:02,350 --> 00:01:05,740
Now the OWASP organization has a clickjacking

19
00:01:05,740 --> 00:01:10,050
defense cheat sheet that provides many different details

20
00:01:10,050 --> 00:01:13,383
about how to defend against clickjacking attacks.