Client Side Validation

From Guidance Share




Client side validation occurs when the server trusts the client to authenticate or authorize itself, or to validate data. The attack occurs when the attacker turns off this authentication and misrepresents the authentication or authorization state to the server. Client side validation is usually done by scripts that run on the client machine. The client can block or alter these scripts at will, so they are completely attacker controlled.


  • Elevation of privileges: The attacker can run with greater privileges than entitled to.


  • Executing validation code on the client machine only
  • Server blindly trusts information from client


  • Server should not trust the client to authenticate or authorize itself
  • Client side validation done for performance reasons should be verified by the server
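
The two countermeasures above, shown as an added example that is not from the original page: a handler that trusts what the client script was supposed to have checked, next to one that derives identity and re-validates on the server. The session store, price table, field names and handler names are all hypothetical.

```javascript
// Constructed server-side state (hypothetical names and values).
const SESSIONS = new Map([["sess-alice", { user: "alice", role: "user" }]]);
const PRICES = new Map([["sku-1", 25]]);

// Weak: assumes client-side script already checked role, quantity and price.
function handleOrderTrusting(req) {
  const { role, quantity, unitPrice } = req.body;
  return { ok: true, role, total: quantity * unitPrice };
}

// Hardened: identity comes from the server's session record, and every
// field is validated again on the server even if the client validated it.
function handleOrderVerified(req) {
  const session = SESSIONS.get(req.sessionId);
  if (!session) return { ok: false, error: "not authenticated" };

  const { sku, quantity } = req.body;
  if (!PRICES.has(sku)) return { ok: false, error: "unknown sku" };
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
    return { ok: false, error: "invalid quantity" };
  }
  // Role and price are looked up server-side; the body's copies are ignored.
  return { ok: true, role: session.role, total: quantity * PRICES.get(sku) };
}

// Constructed requests. The first is what the server receives when the
// client-side checks have been blocked or altered; the second only lies
// about its role and price.
const tampered = {
  sessionId: "sess-alice",
  body: { role: "admin", sku: "sku-1", quantity: -3, unitPrice: 0.01 },
};
const roleClaim = {
  sessionId: "sess-alice",
  body: { role: "admin", sku: "sku-1", quantity: 2, unitPrice: 0.01 },
};

console.log("trusting:", handleOrderTrusting(tampered));
console.log("verified:", handleOrderVerified(tampered));
console.log("verified:", handleOrderVerified(roleClaim));
```

The client-side checks can stay for responsiveness; the server-side checks are the ones that decide.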

Attack Patterns


How Tos

