Clickjacking Demo and Defense
Details
Ask an organizer about our Slack group if you'd like to attend. We share a Zoom link in Slack just before the meeting starts. Thanks!
***
Book Club (for those interested, feel free to listen in):
Code Complete 2nd Edition by Steve McConnell - Chapter 10
We'll wrap up the meeting around 7:20 pm and the focus will switch over to a book club discussion for the last 30 minutes or so.
***
Clickjacking is a UI redress attack where a user is tricked into clicking something different than what they think they’re clicking—often because a malicious page invisibly overlays or frames a trusted site.
Tonight Sky Bexten will present a short clickjacking demo that shows how an attacker can use iframes/CSS layering to capture unintended clicks.
We’ll walk through the demo flow, discuss realistic threat scenarios, and review practical mitigations you can apply in web apps.
Some areas I plan to review: iframe-based overlays and defenses like `X-Frame-Options` and `Content-Security-Policy` (`frame-ancestors`).
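As a companion to the defenses named above, here is an added example (not the presenter's demo code) that classifies one response's anti-framing headers. The function names and sample values are hypothetical, and it assumes a single policy per `Content-Security-Policy` header.

```javascript
// Added example: classify the anti-framing headers of one HTTP response.
// `headers` uses lower-cased names, as Node's http module delivers them.
// Assumption: a single policy per Content-Security-Policy header.

function frameAncestorsSources(csp) {
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null; // directive absent
}

function framingProtection(headers) {
  const csp = headers['content-security-policy'];
  const sources = csp ? frameAncestorsSources(csp) : null;
  if (sources !== null) {
    // When frame-ancestors is enforced, browsers ignore X-Frame-Options.
    const source = 'frame-ancestors';
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { protected: true, policy: 'deny', source };
    }
    // "*" or a bare scheme such as "https:" lets arbitrary sites frame the page.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
      return { protected: false, policy: 'open', source };
    }
    const onlySelf = sources.every((s) => s === "'self'");
    return { protected: true, policy: onlySelf ? 'same-origin' : 'allowlist', source };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { protected: true, policy: 'deny', source: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { protected: true, policy: 'same-origin', source: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers.
  return { protected: false, policy: xfo ? 'invalid' : 'missing', source: xfo ? 'x-frame-options' : null };
}

// Constructed sample responses (not captured from any real site).
const samples = [
  {},
  { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  { 'content-security-policy': 'frame-ancestors *', 'x-frame-options': 'DENY' },
];
for (const h of samples) console.log(JSON.stringify(h), '=>', framingProtection(h));
```

The last sample is the case worth noticing: a permissive `frame-ancestors` overrides a strict `X-Frame-Options`, so the page can still be framed.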
***
General Agenda:
6:00 pm MT - Welcome and setup
6:05 - Start the Meeting
7:20 - Wrap up discussion and begin book club
7:50 - Close for the night
Meeting tools:
Slack: https://slack.com/
Discord: https://discordapp.com
Zoom: https://zoom.us/
Kalispell Software Crafters is dedicated to a harassment-free experience for everyone, be that at an event or within our Slack community. Our anti-harassment policy can be found at: https://github.com/kalispell-software-crafters/code-of-conduct
