incorrect format, alerting them to the problem via a client-side script
provides a much more seamless experience. Of course, the application
must revalidate the item submitted when it arrives at the server.
■ There are occasional cases where client-side data validation can be
effective as a security measure — for example, as a defense against
DOM-based cross-site scripting attacks. However, these are cases
where the direct focus of the attack is another application user, rather
than the server-side application, and exploiting a potential
vulnerability does not necessarily depend upon transmitting any
malicious data to the server. See Chapter 12 for further details of this
kind of scenario.
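
The point above, shown as an added example that is not from the book: data carried in a URL fragment is never sent to the server, so the only place it can be validated is in client-side code. The host `app.example`, the `message` parameter and the allowlist pattern are assumptions made for illustration.

```javascript
// Constructed sample URLs; app.example and "message" are assumed names.

// Allowlist for the single value the page reads from the fragment.
const SAFE_MESSAGE = /^[A-Za-z0-9 .,!?'-]{1,100}$/;

// The request target a browser sends to the server: path and query only.
// Everything after '#' stays in the browser, so the server cannot check it.
function requestTarget(urlString) {
  const url = new URL(urlString);
  return url.pathname + url.search;
}

// Client-side validation of fragment data before it is written to the page.
// Returns the decoded message if it matches the allowlist, otherwise null.
function safeMessageFromFragment(urlString) {
  const url = new URL(urlString);
  const params = new URLSearchParams(url.hash.slice(1)); // decodes %XX
  const message = params.get("message");
  if (message === null || !SAFE_MESSAGE.test(message)) return null;
  return message;
}

const samples = [
  "https://app.example/welcome?lang=en#message=Hello%20there",
  "https://app.example/welcome#message=%3Cimg%20src%3Dx%3E", // markup: rejected
];
for (const s of samples) {
  console.log(requestTarget(s), "->", safeMessageFromFragment(s));
}
// In a browser, write the accepted value with element.textContent,
// not innerHTML, so it is treated as text rather than markup.
```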
■ As described previously, there are ways of transmitting encrypted data