6. Clickjacking
Clickjacking tricks the user into clicking a hidden website or link they did not intend to click while they are trying to access other content on your website. This attack is also known as a “UI redress attack”. Attackers can embed your website in their own site and place transparent controls over it. By doing this, they can access the confidential information of the user.
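As developers, what we can do is:
- Add a script that prevents the website from being iframed. For example:

    // Reading top.location across origins throws, so an exception also means we are framed.
    var framed;
    try { framed = top.location.hostname != self.location.hostname; } catch (e) { framed = true; }
    if (framed) {
        top.location.href = self.location.href;
    }

- You also need to add the header in your application’s global.asax so that it is sent with every response, like this:

    // Application_Start runs once at startup, where no response is available,
    // so the header is set in BeginRequest to cover every response.
    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        HttpContext.Current.Response.AddHeader("X-Frame-Options", "DENY");
    }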
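To confirm that the header actually reaches the browser, the following added example (not part of the original article) audits a response's headers for framing protection. It goes slightly beyond the X-Frame-Options header described above by also recognising the CSP frame-ancestors directive, which browsers give precedence when both are present; the function name, result labels and sample headers are assumptions constructed for illustration.

```javascript
// Added example: decide whether a set of response headers prevents framing.
// Input is a plain object of header name -> value (constructed samples below).
function framingProtection(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // If CSP carries frame-ancestors, browsers use it and ignore X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  const directive = csp
    .split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === "frame-ancestors");
  if (directive) {
    const sources = directive.slice(1).map((s) => s.toLowerCase());
    // An empty source list behaves like 'none'.
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { ok: true, policy: "csp:none" };
    }
    // A wildcard or a bare scheme lets practically any site frame the page.
    if (sources.some((s) => s === "*" || s === "http:" || s === "https:")) {
      return { ok: false, policy: "csp:too-broad" };
    }
    return { ok: true, policy: "csp:allowlist" };
  }

  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return { ok: true, policy: "xfo:deny" };
  if (xfo === "sameorigin") return { ok: true, policy: "xfo:sameorigin" };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it protects nothing.
  if (xfo.startsWith("allow-from")) return { ok: false, policy: "xfo:allow-from-obsolete" };
  return { ok: false, policy: xfo ? "xfo:invalid" : "missing" };
}

// Constructed sample responses, printed when the file is run directly.
const samples = [
  { "x-frame-options": "DENY" },
  { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  {},
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", framingProtection(s).policy);
}
```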
To sum up, we discussed that security is key for any web application, and if not handled properly, it may harm the businesses and sensitive data of any .NET Development company. We discussed five of the most common vulnerabilities of ASP.NET web applications.