Client Side Validation

From Guidance Share

Description

Client side validation occurs when the server trusts the client to authenticate or authorize itself, or to validate data. The attack occurs when the attacker disables the client-side check and misrepresents the authentication or authorization state to the server. Client side validation is usually done by scripts that run on the client machine. The client can block or alter these scripts at will, so they are completely attacker controlled.


Impact

  • Elevation of privileges: The attacker can run with greater privileges than entitled to.


Vulnerabilities

  • Executing validation code on the client machine only
  • Server blindly trusts information from client


Countermeasures

  • Server should not trust the client to authenticate or authorize itself
  • Client side validation done for performance reasons should be verified by the server
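The two countermeasures above, sketched as an added example that is not part of the original page: a server-side handler that takes the caller's role from its own session store and repeats the data checks a browser script would have made. The handler name, the session store, the field names (isAdmin, clientValidated) and the validation rules are all assumptions made for illustration.

```javascript
// Constructed server-side state: identity and role are looked up here,
// never read from the request body.
const SESSIONS = new Map([
  ["sess-alice", { user: "alice", role: "user" }],
  ["sess-root", { user: "root", role: "admin" }],
]);

const USERNAME_RE = /^[a-z][a-z0-9_]{2,15}$/;

// Repeats on the server the rules the browser script is assumed to enforce.
function validateProfile(body) {
  const errors = [];
  if (typeof body.username !== "string" || !USERNAME_RE.test(body.username)) {
    errors.push("username");
  }
  if (!Number.isInteger(body.age) || body.age < 13 || body.age > 120) {
    errors.push("age");
  }
  return errors;
}

// Hypothetical handler for an admin-only profile update.
function handleProfileUpdate(request) {
  const session = SESSIONS.get(request.sessionId);
  if (!session) return { status: 401, errors: ["unauthenticated"] };
  // body.isAdmin and body.clientValidated are client supplied, so ignored.
  if (session.role !== "admin") return { status: 403, errors: ["forbidden"] };
  const body = request.body || {};
  const errors = validateProfile(body);
  if (errors.length > 0) return { status: 400, errors };
  return { status: 200, errors: [], updated: body.username };
}

// Constructed requests: the first two claim a state the server never verified.
const forged = {
  sessionId: "sess-alice",
  body: { username: "bob_1", age: 30, isAdmin: true, clientValidated: true },
};
const badData = {
  sessionId: "sess-root",
  body: { username: "bob_1", age: 999, clientValidated: true },
};
const good = { sessionId: "sess-root", body: { username: "bob_1", age: 30 } };

console.log(handleProfileUpdate(forged).status);  // 403
console.log(handleProfileUpdate(badData).errors); // [ 'age' ]
console.log(handleProfileUpdate(good).status);    // 200
```

The client-side script can still run the same checks for responsiveness; the server's answer is the only one that counts.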


Attack Patterns


Explained


How Tos


Done
