Compromising a third-party service your website relies on is one common way attackers get in. Typically, your server delivers a web page, and the visitor's browser then loads dozens or even hundreds of external sources such as analytics scripts, marketing tools, and payment processors. An attacker needs to intercept only one of these to replace a legitimate script with malicious code.
Cross-Site Scripting (XSS) attacks are an example of malicious client-side execution. Once in place, the malicious code can capture credit card information and session tokens or redirect users to fake websites. Users will not notice these attacks, and they can go undetected by traditional security tools.
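To make the exposure described above concrete, the following added example (not part of the original page) inventories the scripts a page asks the browser to load and lists the third-party hosts whose code runs without a Subresource Integrity `integrity` attribute. The integrity check goes beyond what the page mentions; the HTML sample, the `shop.example` URL, and the function names are constructed for illustration.

```javascript
// Constructed sample page: one first-party script, three third-party, one inline.
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.example.net/a.js" async></script>
<script src="https://cdn.example.org/lib.min.js"
        integrity="sha384-CONSTRUCTEDPLACEHOLDER" crossorigin="anonymous"></script>
<script src="//pay.example.com/checkout.js"></script>
<script>console.log("inline, no src");</script>
</head></html>`;

// Parse the attributes of one opening <script ...> tag into an object.
// Simplification: assumes attribute values do not contain ">".
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<script/i, "").replace(/>$/, "");
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// List every script the browser will fetch for this page, resolved against pageUrl.
function inventoryScripts(html, pageUrl) {
  const pageHost = new URL(pageUrl).host;
  const found = [];
  for (const [tag] of html.matchAll(/<script\b[^>]*>/gi)) {
    const attrs = parseAttrs(tag);
    if (!attrs.src) continue; // inline script: nothing is fetched
    const url = new URL(attrs.src, pageUrl); // handles relative and //host forms
    found.push({
      url: url.href,
      host: url.host,
      thirdParty: url.host !== pageHost,
      hasIntegrity: Boolean(attrs.integrity),
    });
  }
  return found;
}

// Third-party hosts whose script content is not pinned by an integrity hash.
function unpinnedThirdParty(html, pageUrl) {
  return inventoryScripts(html, pageUrl)
    .filter((s) => s.thirdParty && !s.hasIntegrity)
    .map((s) => s.host);
}

console.log(unpinnedThirdParty(SAMPLE_HTML, "https://shop.example/cart"));
```

This only sees script tags present in the delivered HTML; scripts that other scripts inject at runtime need to be observed in the browser itself.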
Why can't traditional security tools detect client-side threats?
Firewalls, WAFs, and vulnerability scanners are traditional security tools used to protect your server, but they cannot see what's happening in your users' browsers.
What's the difference between client-side security and server-side security?
Server-side security protects your infrastructure, while client-side security focuses on where your application actually runs, inside your users' browsers.
What's the difference between client-side security and application security?
Client-side security is a critical subset of AppSec that focuses on protecting applications where they actually execute: in users' browsers.
What is client-side security, and why do I need it?
Protecting your website visitors from malicious JavaScript attacks that happen in their browsers is the goal of client-side security.