Up to this point, we have focused on identifying, exploiting, and mitigating common web application security holes, with an emphasis on server-side flaws. But what about the client side?

Historically, relatively short shrift has been given to the client end of web application security, mostly because attackers focused on plentiful server-side vulnerabilities (that usually coughed up the entire customer list anyway). As server-side security has improved, attackers have migrated to the next obvious patch of attack surface.

A simple glance at recent headlines will illustrate what a colossal calamity web client security has become. Terms like phishing, malware, spyware, and adware, formerly uttered only by the ...

Get Hacking Exposed Web Applications, Third Edition, 3rd Edition now with the O’Reilly learning platform.