Protection of XSSJacking

Question

Hi Guys&nbsp;
New Attack Called “XSSJacking” Discovered That Combined of Clickjacking, Pastejacking and Self-XSS Attacks&nbsp;
Does anyone knows any resolution to this vulnerability using ASM ? Or Protection with XSS ,Clickjacking will be sufficient to resolve it&nbsp;
Regards&nbsp;

samstep · Answer

The name "XSSJacking" has been coined only a few days ago by researcher Dylan Ayrey. The attack is a combination of XSS, ClickJacking and CSRF - all these attacks are mitigated by F5 ASM individually and together.

samstep · Answer

PasteJacking is a CLIENT-side attack where malicious site tricks the user to copy some text, then the malicious JavaScript code replaces the contents of the copied text in the clipboard with a malicious XSS payloads.The malicious site then ASKs the user to paste it. Because it is a CLIENT-side attack starting on a MALICIOUS site (not protected by ASM) Pastejacking cannot be stopped as it happens in memory of user's BROWSER. However when the user pastes the XSS payload to a legitimate site (protected by ASM) ASM will DETECT the XSS in the input (provided the policy is configured correctly to detect and block XSS).

Forum Discussion

Protection of XSSJacking

Recent Discussions

NetScaler to F5 Migration

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

Cookie-based DDoS protection

Protecting gRPC based APIs with NGINX App Protect

Managing NGINX App Protect WAF for Beginners

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS