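% Simpkins, Yuan and Kim (2014): a teaching module on clickjacking (UI redress)
% consisting of a tutorial, a hands-on lab and a quiz.
% Reader note: the abstract describes two server-side defences without naming
% the mechanisms: script-based frame breaking, and refusing to render inside a
% frame. In current practice the second is done with the X-Frame-Options
% response header or the Content-Security-Policy frame-ancestors directive.
% Header-based framing controls are generally preferred, because frame-breaking
% scripts only work if the framed page's JavaScript is allowed to run.
% Authors are separated with " and " so that BibTeX parses three distinct names.
% The empty doi field was dropped; add the bare DOI here if one is assigned.
@article{1628,
  author   = {Simpkins, Lindsay and Yuan, Xiaohong and Kim, Junghee},
  title    = {A Course Module on Clickjacking},
  journal  = {Information Security Education Journal},
  year     = {2014},
  volume   = {1},
  number   = {2},
  url      = {http://www.dline.info/isej/fulltext/v1n2/4.pdf},
  abstract = {Clickjacking is a form of UI-Redress where a victim thinks they are browsing the webpage they see, but click actions are actually on a hidden webpage. Typically, the victim must already be authenticated on the hidden page for the attack to work. There are several available methods to detect or prevent clickjacking attacks on both the server and client side. The main prevention methods are for the server side, and verify that the website is not being loaded inside an iFrame. If an attacker attempts to load a website with one of these methods in place, it will either “break” out of the frame, i.e. refresh the page directly to its URL, or not load the page in the first place. Currently it is important to increase the implementation rate of these prevention methods. This paper introduces a clickjacking course module which includes a tutorial of clickjacking, a hands-on lab, and a quiz. There is a discussion of the teaching experience with this course module. The module can be integrated into web security or network security courses introducing the topic of clickjacking.},
}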