Abstract
In recent years, security vulnerabilities have continued to affect web applications and can cause serious security problems. The main idea is to implement a set of mechanisms in the browser that enforce a strict separation between different sources. This separation is achieved by preventing interaction between pages from different origins, where the origin of a page is usually defined as the combination of the domain name, the application-layer protocol, and the TCP port number. One of the unwanted bugs we aim to eliminate is clickjacking. The idea behind a clickjacking attack is simple: a malicious page is constructed so that it tricks users into clicking on an element of a different page that is only barely noticeable or not noticeable at all. Thus, the victim's click causes unintended actions in the context of a legitimate website. Clickjacking attacks have been reported to be usable in practice to trick users into initiating money transfers, clicking on banner ads as part of advertising click fraud, posting blog or forum messages, or, in general, performing any action that can be triggered by a mouse click. Our solution can be adopted by security experts to automatically test a large number of websites for clickjacking. The proposed iframe tag checking algorithm and DNS lookup checking algorithm are based on regular expressions (regex). Regex handles both internal and external faults efficiently and reduces the load time of iframe tag checking and DNS lookup by using simple patterns. Thus the proposed algorithm overcomes clickjacking attacks more efficiently than existing defenses. The vulnerability to the attack can be measured by the deviation of the system state from the expected state. This deviation can be overcome by the security mechanism.
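The following is an added illustration, not the paper's algorithm or code: a regex-based iframe tag check that applies the origin definition given above (protocol, domain name, TCP port) to each frame on a page. The function names, the opacity threshold and the sample page are assumptions constructed for this example.

```python
import re
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# The lookbehind keeps attributes such as data-src from matching as src.
SRC_ATTR = re.compile(r"""(?<![\w-])src\s*=\s*(["'])(.*?)\1""", re.IGNORECASE | re.DOTALL)
OPACITY = re.compile(r"opacity\s*:\s*([0-9]*\.?[0-9]+)", re.IGNORECASE)
OPACITY_THRESHOLD = 0.1  # assumed cut-off for "barely noticeable"

# Constructed sample page (hypothetical hosts under the reserved .example TLD).
SAMPLE_PAGE_URL = "https://shop.example/offers"
SAMPLE_HTML = """
<iframe src="/widgets/cart.html" width="300"></iframe>
<IFRAME style="opacity:0.01; position:absolute" src='https://bank.example/transfer'></IFRAME>
<iframe src="https://shop.example:8443/help"></iframe>
<iframe data-src="https://cdn.example/lazy"></iframe>
"""


def origin(url):
    """Return the (protocol, domain name, TCP port) triple for a URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def audit_iframes(html, page_url):
    """List each iframe that has a src, with its resolved URL and review flags."""
    findings = []
    for tag in IFRAME_TAG.findall(html):
        src_match = SRC_ATTR.search(tag)
        if not src_match:
            continue  # frames without a src attribute are out of scope here
        src = urljoin(page_url, src_match.group(2).strip())
        opacity = OPACITY.search(tag)
        findings.append({
            "src": src,
            "cross_origin": origin(src) != origin(page_url),
            "barely_visible": bool(opacity) and float(opacity.group(1)) < OPACITY_THRESHOLD,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_iframes(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(finding)
```

A frame that is both cross-origin and barely visible is the combination worth manual review; the check reads inline styles only, so opacity set through stylesheets or script is not seen.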