Saturday, February 21, 2015

How to prevent Clickjacking in .Net/SharePoint sites

Clickjacking is a trick attackers use to steal confidential information or to deceive users into performing actions they never intended to perform.
The attacker loads the target page inside an invisible (transparent) frame on a page they control and positions it over harmless-looking content, so the user never sees the real button.
He or she clicks what appears to be an innocent control, but the click lands on the hidden button underneath, and the attacker gets the action he or she wanted.
For example, clicking what looks like a video play button could silently join you to a community or "like" a Facebook page you never wanted to like.

To prevent clickjacking in .Net/SharePoint applications, do the following:
1. Open the site's Web.config file.
2. Under the <system.webServer> element (IIS 7 or later, Integrated Pipeline) add the following lines, which make IIS send the header with every response the site returns:
<httpProtocol>
  <customHeaders>
    <add name="X-Frame-Options" value="SAMEORIGIN" />
  </customHeaders>
</httpProtocol>

SAMEORIGIN lets the site frame its own pages (SharePoint's modal dialogs rely on this) while refusing to be framed by any other origin; use DENY if the site never needs to be framed at all. After deploying, confirm in the browser's developer tools or with a HEAD request that X-Frame-Options is present on every page response, not just the home page: a page that is served without the header can still be framed.
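As an added example (not code from the original post), the following Python script shows the check a practitioner would run after making the Web.config change: it parses a raw HTTP response head and reports whether the page is protected against framing. Beyond the X-Frame-Options header configured above, it also evaluates the Content-Security-Policy frame-ancestors directive, which modern browsers honour in preference to X-Frame-Options when both are present, and it flags values browsers ignore (ALLOW-FROM, misspellings). The sample responses and the host name intranet.example.com are constructed for the demo.

```python
"""Assess clickjacking protection from raw HTTP response headers.

Added example, not part of the original post. The sample responses below
are constructed; point parse_headers() at the output of a real HEAD request
(e.g. the raw head captured from a browser's network tab) to check a live site.
"""
from typing import Dict, List, Optional, Tuple


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Parse a raw response head into {lower-cased name: [values...]}.

    The status line is skipped; repeated headers keep every value so that
    conflicting X-Frame-Options headers can be detected.
    """
    headers: Dict[str, List[str]] = {}
    for line in raw.strip().splitlines()[1:]:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def frame_ancestors(csp_values: List[str]) -> Optional[List[str]]:
    """Return the frame-ancestors source list from CSP headers, or None if absent."""
    for policy in csp_values:
        for directive in policy.split(";"):
            tokens = directive.strip().split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                # keyword sources ('self', 'none') are case-insensitive; hosts are kept as-is
                return [t.lower() if t.startswith("'") else t for t in tokens[1:]]
    return None


def assess(raw_response: str) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'protected', 'partial' or 'unprotected'."""
    h = parse_headers(raw_response)

    # CSP frame-ancestors wins over X-Frame-Options in browsers that support it,
    # so a permissive CSP silently undoes the Web.config header.
    fa = frame_ancestors(h.get("content-security-policy", []))
    if fa is not None:
        if fa == ["'none'"]:
            return "protected", "CSP frame-ancestors 'none' blocks all framing"
        if "*" in fa or any(s in ("http:", "https:") for s in fa):
            return "partial", "CSP frame-ancestors allows any origin (it overrides X-Frame-Options)"
        return "protected", "CSP frame-ancestors restricts framing to: " + " ".join(fa)

    xfo = h.get("x-frame-options", [])
    if not xfo:
        return "unprotected", "no X-Frame-Options or CSP frame-ancestors header"
    values = {v.strip().upper() for v in xfo}
    if len(values) > 1:
        return "partial", "conflicting X-Frame-Options values; send exactly one header"
    value = values.pop()
    if value in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return "partial", "ALLOW-FROM is not supported by current browsers, which ignore it"
    return "unprotected", "unrecognised X-Frame-Options value %r is ignored by browsers" % xfo[0]


# Constructed sample responses: an IIS site before and after the Web.config change,
# and one whose CSP header carries the equivalent frame-ancestors restriction.
SAMPLE_UNPROTECTED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Powered-By: ASP.NET\r\n\r\n"
)
SAMPLE_PROTECTED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/8.5\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Powered-By: ASP.NET\r\n\r\n"
)
SAMPLE_CSP = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'self' https://intranet.example.com\r\n\r\n"
)

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_UNPROTECTED), ("after", SAMPLE_PROTECTED), ("csp", SAMPLE_CSP)):
        verdict, reason = assess(sample)
        print("%-6s %-11s %s" % (label, verdict, reason))
```

Run it against every page type the site serves (application pages, layouts pages, file downloads), since a missing header on any one of them leaves that page frameable.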
