What are Client-side web attacks?

What are Client-side web attacks?

What are Client-side web attacks?

Web Attacks can take place on the user's end, in which case they are called client-side attacks. Client-side web attacks include the following: Malicious HTML tags in web requests

Malicious code in a form window can cause the server to generate pages that are unpredictable or dangerous if run on the server. Malformed pages sent back to the client for execution may cause further problems.

Cure: Webmasters must not allow nonvalidated input. Use client-side scripting to clean up form data before it is transmitted. Malicious code from other clients

A web site with a discussion group may be open to attacks of the form:

Hello Buddy- Here is my message!

SCRIPT malicious code SCRIPT

That is all!

If a victim client has scripting enabled, their browser may run this code unexpectedly.

Cure: Users should turn off script functions, web servers should screen for embedded tags that show a script may be present. Clients sending malicious code to themselves

An attacker can slip a client a message or file and encourage them to post it to the server. When the server echoes or displays the posting, the client's machine may execute it.

Cure: Webmasters should screen data, even if the intended recipient is the client that sent it. Abuse of tags

Tags such as FORM, normally harmless enough, can cause trouble if they're embedded at the wrong place. An intruder can trick users into revealing sensitive information by modifying the behavior of an existing form or can display information that may have been held in the form of a previous user. Other HTML tags can alter the appearance of a page, insert unwanted or offensive images or sounds, break things, and otherwise disturb the peace by interfering with the page's intended appearance and behavior.

Cure: Set browser security to high and lower it only for those users you are sure will not violate that trust. Poisoned cookies

While visiting a web site, a simple text file called a cookie is often placed in the user's computer. At the next visit, the web server scans for cookies, and if it locates one, can use the cookie data to recall the previous conversation. A poisoned cookie is one that has been altered to trigger the download of malicious code.

Cure: Keep security settings high until trust is earned. Scan all incoming files (cookies included) for viruses to prevent the injection of malicious code. Using the wrong character set Browsers interpret the information they receive according to the character set chosen by the user. If the user fails to specify a character set, the web server uses a default setting, which can result in garbled displays or unintended meanings. Cure: Users should declare their character set when configuring their browsers.

POST COMMENT

How Important are These Web Traffic Rankings? Use The Web To Lower Your Monthly Bills 4 Video and Web Conferencing Myths Debunked Build Your World wide web Property Company With Practically nothing How to Make a Web Page CakePHP Development: Ensuring Rapid and Robust Web Applications Development PPC – Generating Instant Web Traffic The Only Strategy to Survive On the web - Get Unlimited Natural Back Links In Need of Tried and Tested World Wide Web Connectivity? OPTEMAN is the Solution Gerardo Flores Exposes Why Web Promoting does not Function Art Table Plans - Now Available On The Web ! What Targeted Web Traffic is All About Sins of the Web Selling Godfathers