Recently I’ve come across a new PCI compliance failure, “Web Application Potentially Vulnerable to Clickjacking”.
What is Clickjacking?
Clickjacking uses iframes to place a transparent layer over a website, so that the clicks and keystrokes the user enters can be hijacked. This is also known as a “UI redress attack”, because it alters the user interface the victim sees.
This means users can be fooled into giving up usernames and passwords when they think they are logging into legitimate websites, not realising there is a layer between them and the legitimate site that intercepts these details.
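What the PCI scanner is actually testing for with this finding is whether the site tells browsers not to let other origins frame it. As an added example (not code from the original post), the Python below evaluates a set of response headers the way a current browser would: the Content-Security-Policy frame-ancestors directive takes precedence over X-Frame-Options, DENY and SAMEORIGIN block cross-origin framing, and the obsolete ALLOW-FROM value or conflicting X-Frame-Options values are ignored, which leaves the page framable. The header sets and hostnames it uses are constructed for illustration.

```python
"""Assess a web response's clickjacking (UI redress) defences.

Added example; not code from the original post. It inspects the two
response headers browsers use to control framing: the legacy
X-Frame-Options header and the Content-Security-Policy frame-ancestors
directive. All header sets and hostnames below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class FramingVerdict:
    protected: bool                               # True if hostile framing would be refused
    findings: list = field(default_factory=list)  # notes for a scan report


def _values(headers, name):
    """All values for `name`, case-insensitively. `headers` may be a dict
    or a list of (name, value) pairs, the latter to model repeated headers."""
    items = headers.items() if isinstance(headers, dict) else headers
    return [v.strip() for k, v in items if k.lower() == name.lower()]


def _frame_ancestors(csp_values):
    """One source-token list per policy that sets frame-ancestors. Within a
    policy only the first occurrence of the directive counts; browsers enforce
    every policy, so a page is framable only if all of them permit it."""
    lists = []
    for policy in csp_values:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                lists.append([t.lower() for t in tokens[1:]])
                break
    return lists


def assess_framing(headers):
    """Decide whether the response headers block framing by untrusted origins."""
    verdict = FramingVerdict(protected=False)

    # 1. If any policy carries frame-ancestors, browsers ignore X-Frame-Options.
    policies = _frame_ancestors(_values(headers, "Content-Security-Policy"))
    if policies:
        for sources in policies:
            # '*' or a bare scheme such as https: lets any origin frame the page.
            if any(s == "*" or s in ("http:", "https:") for s in sources):
                verdict.findings.append(
                    "frame-ancestors permits any origin: " + " ".join(sources))
            else:
                verdict.protected = True
                shown = " ".join(sources) or "'none'"
                verdict.findings.append("frame-ancestors restricts framing to: " + shown)
        return verdict

    # 2. Otherwise fall back to X-Frame-Options.
    xfo = {v.upper() for v in _values(headers, "X-Frame-Options")}
    if not xfo:
        verdict.findings.append(
            "no X-Frame-Options or frame-ancestors header: page can be framed")
    elif len(xfo) > 1:
        verdict.findings.append(
            "conflicting X-Frame-Options values %s are ignored by browsers" % sorted(xfo))
    elif xfo <= {"DENY", "SAMEORIGIN"}:
        verdict.protected = True
        verdict.findings.append(
            "X-Frame-Options %s blocks cross-origin framing" % next(iter(xfo)))
    elif next(iter(xfo)).startswith("ALLOW-FROM"):
        verdict.findings.append(
            "ALLOW-FROM is obsolete and ignored by current browsers; use frame-ancestors")
    else:
        verdict.findings.append(
            "invalid X-Frame-Options value %r is ignored" % next(iter(xfo)))
    return verdict


def hardened_headers():
    """Headers to send on every HTML response so the scanner finding clears."""
    return {
        "Content-Security-Policy": "frame-ancestors 'none'",
        "X-Frame-Options": "DENY",  # kept for older browsers without CSP2 support
    }


if __name__ == "__main__":
    samples = {  # constructed header sets
        "unprotected": {"Content-Type": "text/html"},
        "legacy only": {"X-Frame-Options": "SAMEORIGIN"},
        "obsolete":    {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        "csp open":    {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
        "hardened":    hardened_headers(),
    }
    for label, hdrs in samples.items():
        v = assess_framing(hdrs)
        print("%-12s protected=%-5s %s" % (label, v.protected, "; ".join(v.findings)))
```

Run it against the headers returned by the application (for example as collected by a scanner or by your own HTTP client) rather than only the web server's defaults, since frameworks often set or strip these headers per route. The "csp open" sample is the case worth remembering: a permissive frame-ancestors directive silently overrides a correct X-Frame-Options header.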