CHAPTER 3. Attacking the Client


What’s In This Chapter?

This chapter outlines attacks against ill-advised client-side coding tricks that work on normal graphical user interface (GUI) applications but create security disasters in Web applications. The problem: client-side code is too easy to tamper with. The lesson: you need to do all the important work on the server.

Also see Chapter 5, “Attacking User-Supplied Input Data,” for attacks against user input, which also affect the client.
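The chapter's lesson in code, as an added illustration that is not from the book: a hypothetical shop whose price and quantity limits live only in browser JavaScript, shown beside a server handler that re-derives everything from its own data. The catalog, field names and request dictionaries are constructed for the example.

```python
# Added example: why the important work must happen on the server.
# Models a purchase form whose price and quantity limits are enforced
# only in browser JavaScript. The user controls the browser, so the
# server receives whatever fields it is sent. (Hypothetical shop; not
# code from the book.)
from decimal import Decimal

# Server-side price list: the only trustworthy source of prices.
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("249.00")}
MAX_QTY = 10


def insecure_checkout(form: dict) -> Decimal:
    """Trusts the client-computed total because 'the JS already checked it'."""
    return Decimal(form["total"])


def secure_checkout(form: dict) -> Decimal:
    """Ignores client-supplied prices and re-validates every field server-side."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity is not an integer")
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity out of range")
    # Total is recomputed from server data; the client's 'total' is never read.
    return CATALOG[sku] * qty


# Constructed requests: what a well-behaved browser sends, and what arrives
# when the hidden 'total' field is edited and the JavaScript check skipped.
HONEST = {"sku": "sku-200", "qty": "2", "total": "498.00"}
TAMPERED = {"sku": "sku-200", "qty": "2", "total": "0.01"}
OVERSIZED = {"sku": "sku-100", "qty": "999", "total": "19970.01"}
```

The insecure handler charges whatever the tampered form says; the secure handler produces the same correct total for both the honest and tampered requests and rejects the out-of-range quantity outright.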


Long before the Web existed, most software was self-contained on a single machine or executed in a closed (non-Internet-facing) client-server environment. ...
