CHAPTER 3. Attacking the Client
What’s In This Chapter?
This chapter outlines attacks against ill-advised, client-side coding tricks that work on normal graphical user interface (GUI) applications but create security disasters in Web applications. The problem: Client-side code is too easy to tamper with. The lesson: You need to do all the important stuff on the server.
Also see Chapter 5, “Attacking User-Supplied Input Data,” for attacks against user input, which also affect the client.
Long before the Web existed, most software was self-contained on a single machine or executed in a closed (non-Internet-facing) client-server environment. ...