ClickJacking and JavaScript KeyLogging in Iframes

This week I was asked some specific questions about the security of iframes. The questions came about from a PCI standpoint, for stores that use fully outsourced iframes for taking payment. The question was effectively, if an attacker can inject JavaScript into the framing (store) page, what effect can they have on the security of the site and the payment page. Short answer: The attacks are very limited. Long answer:

Read More