Clickjacking (UI redressing) loads a target application in a transparent iframe layered over an attacker-controlled page, tricking users into clicking buttons they can't see — potentially performing actions such as changing account settings or approving transactions. Testing evaluates whether the X-Frame-Options header is present and correctly configured, whether a Content-Security-Policy frame-ancestors directive is set, how effective any JavaScript frame-busting code is, and whether critical actions require an additional confirmation step that would defeat clickjacking.
Technical | 2026-12-24
Clickjacking and UI Redressing: Testing Frame-Based Attacks for Thai Organizations
Clickjacking tricks users into clicking hidden elements by overlaying transparent frames. Testing X-Frame-Options and CSP frame-ancestors. Guidance for TH market.
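The header checks described above can be automated against a captured HTTP response. The following is an added example, not code from the original article: it classifies the X-Frame-Options header and the CSP frame-ancestors directive, applies the rule that an enforced frame-ancestors directive takes precedence over X-Frame-Options in browsers that support CSP, and flags common misconfigurations (deprecated ALLOW-FROM, a wildcard source list, and a directive placed only in the Report-Only header, where it blocks nothing). The header sets in SAMPLE_RESPONSES are constructed samples; the function and class names are this example's own.

```python
"""Assess anti-clickjacking response headers (added example, constructed data).

Feed it the header dict from any HTTP client; no network access is needed here.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class FramingAssessment:
    xfo: str             # deny | sameorigin | allow-from | invalid | missing
    csp: str             # none | self | allowlist | wildcard | invalid | missing
    protected: bool      # would a current browser refuse cross-origin framing?
    notes: tuple[str, ...]


def _header(headers: dict[str, str], name: str) -> str | None:
    """Case-insensitive lookup: HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def classify_xfo(value: str | None) -> str:
    """Classify an X-Frame-Options value."""
    if value is None:
        return "missing"
    token = value.strip().lower()
    if token == "deny":
        return "deny"
    if token == "sameorigin":
        return "sameorigin"
    if token.startswith("allow-from"):
        return "allow-from"   # deprecated and ignored by modern browsers
    return "invalid"          # browsers ignore unrecognised values


def classify_frame_ancestors(csp: str | None) -> str:
    """Find the frame-ancestors directive in a CSP header and classify its sources."""
    if csp is None:
        return "missing"
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        sources = [p.lower() for p in parts[1:]]
        if not sources:
            return "invalid"
        if sources == ["'none'"]:
            return "none"
        # '*' or a scheme-only source such as 'https:' admits any origin.
        if any(s == "*" or s.endswith(":") for s in sources):
            return "wildcard"
        if sources == ["'self'"]:
            return "self"
        return "allowlist"
    return "missing"


def assess_framing_protection(headers: dict[str, str]) -> FramingAssessment:
    """Combine both controls the way a CSP-aware browser does."""
    xfo = classify_xfo(_header(headers, "X-Frame-Options"))
    csp = classify_frame_ancestors(_header(headers, "Content-Security-Policy"))
    notes: list[str] = []

    if csp in ("none", "self", "allowlist"):
        # An enforced frame-ancestors directive obsoletes X-Frame-Options.
        protected = True
        if csp == "allowlist":
            notes.append("frame-ancestors allowlist present: review each listed origin")
    elif csp == "wildcard":
        protected = False
        notes.append("frame-ancestors admits any origin and overrides X-Frame-Options")
    else:
        # No usable CSP directive: protection rests on X-Frame-Options alone.
        protected = xfo in ("deny", "sameorigin")
        if csp == "missing":
            notes.append("no frame-ancestors directive; relying on X-Frame-Options only")

    if xfo == "allow-from":
        notes.append("X-Frame-Options ALLOW-FROM is deprecated and gives no protection")
    if xfo == "missing" and csp == "missing":
        notes.append("no framing restriction at all")
    report_only = _header(headers, "Content-Security-Policy-Report-Only")
    if report_only and "frame-ancestors" in report_only.lower():
        notes.append("frame-ancestors appears only in Report-Only and is not enforced")
    return FramingAssessment(xfo, csp, protected, tuple(notes))


# Constructed sample responses, not captured from any real site.
SAMPLE_RESPONSES: dict[str, dict[str, str]] = {
    "hardened": {"X-Frame-Options": "DENY",
                 "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "legacy_only": {"X-Frame-Options": "SAMEORIGIN"},
    "weak_csp": {"X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors *"},
    "report_only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "deprecated": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "unprotected": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        result = assess_framing_protection(headers)
        verdict = "protected" if result.protected else "FRAMEABLE"
        print(f"{name:12} {verdict:10} xfo={result.xfo} csp={result.csp}")
        for note in result.notes:
            print(f"{'':12}   - {note}")
```

The "weak_csp" case is the one most often missed in review: X-Frame-Options is set to DENY, yet a CSP-aware browser ignores it once an enforced frame-ancestors directive is present, and that directive allows every origin.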