Security Cipher
Clickjacking

Table of Contents
  • 🥺 Vulnerable Code
  • 😎 Secure Code

Here is an example of Java servlet code that is vulnerable to a clickjacking attack.

🥺 Vulnerable Code

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ClickjackingVulnerable extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Generate response. No X-Frame-Options or Content-Security-Policy header is set,
        // so any site may load this page inside a frame or iframe.
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("This page is vulnerable to clickjacking attacks.");
        out.println("</body></html>");
    }
}

This code is vulnerable to clickjacking attacks because it does not set any headers or use any other technique to prevent the page from being embedded in a malicious frame or iframe. An attacker could load the victim's page in an invisible frame on a page they control and lay decoy content over it, tricking the victim into clicking on controls they cannot see and potentially leading to sensitive information being compromised.

😎 Secure Code

Here is a version of the same code that is secured against clickjacking attacks:

import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;

public class ClickjackingSecure extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // Secure code: the application sets the X-Frame-Options header to prevent
        // the page from being embedded in a frame or iframe. The header must be set
        // before the response body is written.
        response.setHeader("X-Frame-Options", "DENY");

        // Generate response
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("This page is secured against clickjacking attacks with the X-Frame-Options header.");
        out.println("</body></html>");
    }
}

This version of the code sets the X-Frame-Options header to "DENY", which tells the browser not to allow the page to be embedded in a frame or iframe. This helps to prevent clickjacking attacks by ensuring that the page cannot be overlaid by a malicious frame.
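Setting the header inside one servlet protects only that servlet; a page that forgets the call is framable again. The following servlet Filter is an added example written for this article (it is not code from the original post): it applies the anti-framing headers to every response in the application, and sends the Content-Security-Policy frame-ancestors directive alongside X-Frame-Options, since modern browsers give the CSP directive precedence and X-Frame-Options remains as a fallback for older ones. The filter class name, the init parameter name allowSameOriginFraming and the URL pattern /* are assumptions chosen for the example; it assumes a Servlet 3.0+ container so that the @WebFilter annotation is picked up without web.xml changes.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

// Added example: a filter that sets anti-framing headers on every response,
// so the protection does not depend on each servlet remembering to do it.
// Mapped to every URL; the pattern is an assumption for this example.
@WebFilter("/*")
public class AntiFramingFilter implements Filter {

    // Hypothetical init parameter: "true" allows pages of this origin to frame
    // each other (e.g. an in-app help panel); anything else blocks all framing.
    private static final String SAME_ORIGIN_PARAM = "allowSameOriginFraming";
    private boolean allowSameOrigin;

    @Override
    public void init(FilterConfig config) {
        allowSameOrigin = "true".equalsIgnoreCase(config.getInitParameter(SAME_ORIGIN_PARAM));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (res instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) res;
            // Headers must be set before any servlet down the chain commits the response.
            http.setHeader("X-Frame-Options", xfoValue(allowSameOrigin));
            http.setHeader("Content-Security-Policy", cspValue(allowSameOrigin));
        }
        chain.doFilter(req, res);
    }

    // X-Frame-Options supports only DENY and SAMEORIGIN in current browsers
    // (ALLOW-FROM is obsolete); it is kept as a fallback for browsers without CSP support.
    static String xfoValue(boolean allowSameOrigin) {
        return allowSameOrigin ? "SAMEORIGIN" : "DENY";
    }

    // frame-ancestors is the CSP replacement for X-Frame-Options and takes precedence
    // where both are present. 'none' forbids all framing; 'self' permits same-origin framing.
    static String cspValue(boolean allowSameOrigin) {
        return allowSameOrigin ? "frame-ancestors 'self'" : "frame-ancestors 'none'";
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

If the application also sends a Content-Security-Policy header of its own (for example a script-src policy), merge the frame-ancestors directive into that single header value rather than emitting two CSP headers, since browsers enforce the intersection of all delivered policies and a later setHeader call would simply overwrite the earlier one. To verify the deployment, fetch any page of the application and confirm that both headers are present in the response; a page served without them is the one a clickjacking attempt will target.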

©2023. Security Cipher. All Rights Reserved.