Gustav Rydstedt : 2010 Security Workshop


Friday, April 30, 2010
Location: Fisher Conference Center, Arrillaga Alumni Center

"Framebusting in the wild"


Clickjacking attacks use frames to hijack a user's web session. The most common defense for clickjacking is frame busting, which prevents a site from functioning when loaded inside a frame. We study frame busting practices at the Alexa Top-500 sites and show that all can be circumvented in one way or another. Some circumventions are browser-specific while others work across browsers. We conclude with recommendations for proper frame busting.


Gustav Rydstedt is a master's student doing research with the Web Security Group.