Penetration Testing mailing list archives

Re: To validate or not to validate: Client side validation


From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 27 Apr 2010 08:50:46 +0300

On Thu, 22 Apr 2010, Dotzero wrote:
> Doing client input validation is not irrelevant to security. If I
> believe that I am implementing it correctly on the client then when
> I see something that violates that input validation I can reasonably
> assume that it is hostile and not accidental. Reducing noise is
> certainly a benefit. What is the risk of a false positive that
> impacts your normal users if you decide to send a reset or drop
> route on server side input validation failures if you are also doing
> the same input validation on the client vs not?

Do you advocate to declare hostile anyone who turns JavaScript off?

-- 
Regards,
ASK
