Difference between revisions of "OWASP Click Me Project"
Arun Kumar V (talk | contribs)
Line 8: | Line 8: | ||
==OWASP Click Me Project== | ==OWASP Click Me Project== | ||
− | The OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks.This is an attack which targets the clickable content on a website.Clickjacking attack occurs when a malicious site tricks a user into clicking on a hidden element that belong to another site which they have loaded in a hidden frame or iframe.OWASP Click Me tool will help you to test whether your site is vulnerable to this attack by creating a html page that will try to load your web site from a frame. Sites can use frame breaking scripts and X-Frame-Options set with DENY or SAME ORIGIN values to avoid Clickjacking attacks,by ensuring that their content is not embedded into other sites. | + | The OWASP Click Me Project aimed at having a simple GUI which helps to create a test page for Clickjacking attacks.This is an attack which targets the clickable content on a website. |
+ | Clickjacking attack occurs when a malicious site tricks a user into clicking on a hidden element that belong to another site which they have loaded in a hidden frame or iframe.OWASP Click Me tool will help you to test whether your site is vulnerable to this attack by creating a html page that will try to load your web site from a frame. | ||
+ | |||
+ | ---- | ||
+ | Sites can use frame breaking scripts and X-Frame-Options set with DENY or SAME ORIGIN values to avoid Clickjacking attacks,by ensuring that their content is not embedded into other sites. | ||
==Licensing== | ==Licensing== | ||
The OWASP Click Me Project is free to use. It is licensed under the Apache 2.0 License. | The OWASP Click Me Project is free to use. It is licensed under the Apache 2.0 License. |
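Review bot: In the added defences paragraph, "X-Frame-Options set with DENY or SAME ORIGIN values" spells the second value with a space, but the header token is the single word SAMEORIGIN, so a reader copying it as written would set a value that does not match; change it to "DENY or SAMEORIGIN". Since this revision already re-splits the paragraph, it should also fix the run-together sentences it carries over ("attacks.This", "iframe.OWASP", "attacks,by") and change "a hidden element that belong to another site" to "belongs".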
Revision as of 16:31, 5 March 2014
Volunteers
The OWASP Click Me Project: The primary contributors to date have been:
References
- OWASP definition of Clickjacking or "UI redress attack"
- OWASP test guide for Clickjacking attacks.
Just a click away to get your copy of OWASP Click Me. Here we go! Click Me
Note: OWASP Click Me is a jar file, so you will need a JRE on your system to run it.
As of March 2014, the priorities are:
- Creating the test HTML page.
Involvement in the development and promotion of the OWASP Click Me Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Create a GUI which will help to provide a Proof of Concept on how the attack could be exploited for a given web page.