Logging and Alerting
When mechanisms such as length limits and JavaScript-based validation are employed by an application to enhance performance and usability, these should be integrated with server-side intrusion detection defenses. The server-side logic which performs validation of client-submitted data should be aware of the validation that has already occurred on the client side. If data that would have been blocked by client-side validation is received, the application may infer that a user is actively circumventing this validation, and so is likely to be malicious. Anomalies should be logged and, if appropriate, application administrators should be alerted in real time so that they can monitor any attempted attack and take suitable action as required. The application may also actively defend itself by terminating the user’s session or even suspending his account.
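The following is an added example, not code from the book: a server-side validator that keeps a mirror of the constraints the browser already enforces (a `maxlength` attribute and a client-side regex per field), treats any submission violating them as a bypass of client validation, logs it, and escalates per session from rejection to session termination to account suspension. The field names, rules, and escalation thresholds are constructed for illustration and are assumptions, not values from the text.

```python
import logging
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

log = logging.getLogger("intrusion")


@dataclass(frozen=True)
class ClientRule:
    """Mirror of what the browser enforces for one form field."""
    max_length: int
    pattern: Optional[str] = None


# Constructed example rules: assumed to match the <input maxlength="..."> attributes
# and JavaScript regex checks shipped in the HTML form for these fields.
CLIENT_RULES: Dict[str, ClientRule] = {
    "username": ClientRule(32, r"^[A-Za-z0-9_]+$"),
    "quantity": ClientRule(4, r"^[0-9]+$"),
    "comment": ClientRule(500),
}


def client_validation_violations(form: Dict[str, str]) -> List[str]:
    """Describe every field the client-side checks would have rejected.

    An empty list means the data is consistent with a client that ran the
    normal validation; anything else could only come from a client that
    skipped or disabled it.
    """
    violations: List[str] = []
    for name, rule in CLIENT_RULES.items():
        value = form.get(name)
        if value is None:
            continue  # absent fields are left to ordinary server-side validation
        if len(value) > rule.max_length:
            violations.append(
                f"{name}: length {len(value)} exceeds client maxlength {rule.max_length}"
            )
        if rule.pattern is not None and re.fullmatch(rule.pattern, value) is None:
            violations.append(f"{name}: value does not match client-side pattern")
    return violations


class IntrusionMonitor:
    """Log bypass attempts per session and choose a response.

    Thresholds are assumed policy values. Real-time alerting is whatever
    handler the deployment attaches to the 'intrusion' logger (pager, SIEM, ...).
    """

    def __init__(self, terminate_after: int = 2, suspend_after: int = 5):
        self.terminate_after = terminate_after
        self.suspend_after = suspend_after
        self._attempts: Dict[str, int] = defaultdict(int)

    def handle(self, session_id: str, user: str, form: Dict[str, str]) -> str:
        """Return the action the application should take for this request."""
        violations = client_validation_violations(form)
        if not violations:
            return "allow"
        self._attempts[session_id] += 1
        count = self._attempts[session_id]
        for v in violations:
            log.warning("client-validation bypass session=%s user=%s %s", session_id, user, v)
        if count >= self.suspend_after:
            log.critical("suspending account user=%s after %d bypass attempts", user, count)
            return "suspend_account"
        if count >= self.terminate_after:
            log.error("terminating session=%s after %d bypass attempts", session_id, count)
            return "terminate_session"
        return "reject"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
    monitor = IntrusionMonitor(terminate_after=2, suspend_after=3)
    # Constructed requests: one normal, then repeated submissions the browser
    # form could never have produced.
    print(monitor.handle("sess-1", "alice", {"username": "alice", "quantity": "3"}))
    print(monitor.handle("sess-1", "alice", {"username": "a" * 40}))
    print(monitor.handle("sess-1", "alice", {"username": "bad user"}))
    print(monitor.handle("sess-1", "alice", {"quantity": "12x"}))
```

The server still performs its own full validation of every field; this check is an additional signal layered on top, and its value is that a violation is near-certain evidence of deliberate tampering rather than an innocent input error, which justifies a louder alert than an ordinary validation failure.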
NOTE