The goal of client-side security is to protect your website visitors from malicious JavaScript attacks that happen in their browsers. Unlike traditional attacks that focus on your servers, client-side threats target the scripts on your actual web pages, including payment forms, chat widgets, and analytics tools. These attacks can quietly steal credit card details and other valuable information and can go unnoticed indefinitely. If you handle payments or sensitive data, you need client-side security to protect your customers and meet compliance requirements like PCI DSS.
Compromising a third-party service your website relies on is one common way attackers get in.
Firewalls, WAFs, and vulnerability scanners are traditional security tools that protect your servers, but they can't see what's happening in your users' browsers.
Server-side security protects your infrastructure, while client-side security focuses on where your application actually runs, inside your users' browsers.
Client-side security is a critical subset of AppSec that focuses on protecting applications where they actually execute: in users' browsers.