Clickjacking 2017

Date of prediction: 2009-06-03

»The future: Long-standing Web application security scourges such as SQL Injection (SQLi), Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) are finally under control. Remaining buffer overflow issues are considered fossilized evidence of a prior era. Cyber criminals out of necessity have evolved their attack portfolios to include Clickjacking as a preferred method for tricking their victims into propagating malware, defrauding themselves, and initiating other forms of malicious acts. Clickjacking, a long-known and fundamental design problem in the way the Web works, had not until 2017 garnered the respect necessary to be taken seriously. Now with significant damage increasing and losses mounting, the issue has forced website owners and browser developers to scramble for solutions to a problem nearly a decade in the making. Or so the story may go should history repeat itself.«

(Jeremiah Grossman: Clickjacking 2017)

2010 Web Application Security Predictions

Date of prediction: 2010-01-18

Ryan Barnett predicted for 2010:

  • Web-based Worms Will Migrate Off Social Networking Sites
  • Planting of Malware Will Become a Top Concern
  • Attacks Against Web-based Critical Infrastructure Components
  • HTTP Denial of Service Attacks Will Take Down Important Sites