Client Side Validation
From Guidance Share
Description
Client side validation occurs when the server trusts the client to authenticate or authorize itself, or to validate data. The attack occurs when the attacker turns off these client-side checks and misrepresents the authentication or authorization state to the server. Client side validation is usually done by scripts that run on the client machine. The client can block or alter these scripts at will, so they are completely attacker controlled.
Impact
- Elevation of privileges: The attacker can run with greater privileges than they are entitled to.
Vulnerabilities
- Executing validation code on the client machine only
- Server blindly trusts information from client
Countermeasures
- Server should not trust the client to authenticate or authorize itself
- Client side validation done for performance reasons should be verified by the server
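The two countermeasures above, shown as an added example that is not part of the original page: a handler that trusts what the client sends, beside one that repeats the validation and reads the role from server-side state. The session store, `validQuantity`, the handler names and the order fields are all hypothetical.

```javascript
// Added example; every name and value here is constructed for illustration.
// Server-side session store: the role is recorded by the server at login.
const sessions = new Map([
  ["sid-alice", { user: "alice", role: "user" }],
  ["sid-root", { user: "root", role: "admin" }],
]);

// The same rule the browser script applies for quick user feedback.
function validQuantity(value) {
  return Number.isInteger(value) && value >= 1 && value <= 10;
}

// Vulnerable: assumes the browser script already checked quantity, and
// takes the caller's role from a field supplied in the request body.
function handleOrderTrusting(request) {
  const discount = request.body.role === "admin" ? 100 : 0;
  return { status: 200, quantity: request.body.quantity, discountPercent: discount };
}

// Hardened: authenticates against server state, repeats the validation,
// and ignores any role the client claims for itself.
function handleOrderVerified(request) {
  const session = sessions.get(request.sessionId);
  if (!session) {
    return { status: 401, error: "not authenticated" };
  }
  if (!validQuantity(request.body.quantity)) {
    return { status: 400, error: "quantity must be an integer from 1 to 10" };
  }
  const discount = session.role === "admin" ? 100 : 0;
  return { status: 200, quantity: request.body.quantity, discountPercent: discount };
}

// Constructed request whose fields never passed through the client script.
const unchecked = { sessionId: "sid-alice", body: { quantity: -5, role: "admin" } };

console.log(handleOrderTrusting(unchecked)); // accepted with an admin discount
console.log(handleOrderVerified(unchecked)); // rejected with status 400
```

The client script can keep calling the same `validQuantity` rule for responsiveness; only the server's copy of the check decides the outcome.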
Attack Patterns
Explained
How Tos
- How To Recognize Client Side Validation Vulnerabilities
- How To Perform a Client Side Validation Attack
- How To Protect From Client Side Validation Attacks in ASP.NET 2.0