wstg
Add tests to 4.12.9 Testing for Clickjacking
The current document describes clickjacking defenses from the title "Client side protection: Frame Busting" onward. Much of the content also appears in the OWASP Clickjacking Defense Cheat Sheet.
There is a "proof of concept" described later in the text, but no specific testing instructions. I believe the portion of the document from the title "Client side protection: Frame Busting" onward should be rewritten without defense recommendations (out of scope of the testing guide) and with specific testing instructions.
"4.12.9 Testing for Clickjacking": For the testing instructions, I think they were provided, i.e. below. Do you mean that, instead of the whole section description, it's suggested to list step 1, step 2, ...?
Suggested Tests
Step 1: Create an HTML file "ClickJacking.html" with your target testing website as below.
Step 2: Use a browser to open "ClickJacking.html".
Step 3: Review whether the target website is shown in "ClickJacking.html". If the target website can be shown in "ClickJacking.html", then the target website is vulnerable to clickjacking.
Original Text
If the http://www.target.site page is successfully loaded into the frame, then the site is vulnerable and has no type of protection against clickjacking attacks.
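A header-level check that complements the iframe test in the steps above, as an added example that is not part of the WSTG text or of this thread: it predicts from a response's headers whether a browser would let another origin frame the page. The function names and sample headers are constructed for illustration; `X-Frame-Options` and the CSP `frame-ancestors` directive are the standard framing controls and are not named in the thread.

```javascript
// Added example. Assumes a single Content-Security-Policy header and
// lowercase header names (as Node's http and fetch APIs expose them).

// Return the frame-ancestors source list, or null if the directive is absent.
function frameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// 'blocked'    : no cross-origin page may frame the response
// 'restricted' : only the origins listed in frame-ancestors may frame it
// 'framable'   : any origin may frame it, so the iframe test would render it
function framingVerdict(headers) {
  const sources = frameAncestors(headers['content-security-policy'] || '');
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    // An empty source list matches nothing, the same as 'none'.
    if (sources.every((s) => s === "'none'")) return 'blocked';
    const open = sources.some((s) => ['*', 'https:', 'http:'].includes(s));
    return open ? 'framable' : 'restricted';
  }
  const xfo = new Set(
    (headers['x-frame-options'] || '')
      .split(',').map((v) => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.has('deny') || xfo.has('sameorigin')) return 'blocked';
  if (xfo.size > 1 && xfo.has('allowall')) return 'blocked'; // conflicting values
  // No header, an unknown value, or the obsolete ALLOW-FROM: nothing is enforced.
  return 'framable';
}

// Constructed sample responses, not captured from any real site.
const samples = [
  {},
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'x-frame-options': 'DENY', 'content-security-policy': 'frame-ancestors *' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), '=>', framingVerdict(h));
```

A `framable` verdict should agree with the page rendering inside the frame in Step 3; a page that renders despite a `blocked` verdict points at headers that differ between the tested response and the framed one.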
Please comment if you are still working on this issue, as it has been inactive for 30 days. To give everyone a chance to contribute, we are releasing it to new contributors.
@kingthorin Can I work on this issue?
Sure, go for it.
Please comment if you are still working on this issue, as it has been inactive for 90 days. To give everyone a chance to contribute, we are releasing it to new contributors.
I will work on this.