Client Side Validation

From Guidance Share

Contents 1 Description 2 Impact 3 Vulnerabilities 4 Countermeasures 5 Attack Patterns 6 Explained 7 How Tos

Description

Client side validation occurs when the server trusts the client to authenticate, authorize itself or validate data. The attack occurs when the attacker turns off this authentication and misrepresents the authentication or authorization state to the server. Client side validation is usually done by scripts that run on the client machine. These scripts can either be blocked or altered by the client at will and are completely attacker controlled.

Impact

• Elevation of priviledges: The attacker can run with greater priviledges than entitled to.

Vulnerabilities

• Executing validation code on the client machine only
• Server blindly trusts information from client

Countermeasures

• Server should not trust the client to authenticate or authorize itself
• Client side validation done for performance reasons should be verified by the server

Attack Patterns

• Client Side Validation Attack Pattern

Explained

• Client Side Validation Attack Explained

How Tos

• How To Recognize Client Side Validation Vulnerabilities
• How To Perform a Client Side Validation Attack
• How To Protect From Client Side Validation Attacks in ASP.NET 2.0

Done