February 2006
Intermediate to advanced
240 pages
5h 47m
English
book
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
by James A. Whittaker, Mike Andrews
Content preview from How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
CHAPTER 3. Attacking the Client
What’s In This Chapter?
This chapter outlines attacks against ill-advised, client-side coding tricks that work on normal graphical user interface (GUI) applications but create security disasters in Web applications. The problem: Client-side code is too easy to tamper with. The lesson: You need to do all the important stuff on the server.
Also see Chapter 5, “Attacking User-Supplied Input Data,” for attacks against user input, which also affect the client.
Introduction
Long before the Web existed, most software was self-contained on a single machine or executed in a closed (non Internet-facing) client-server environment. ...