Server-side security is about protecting your infrastructure with tools like firewalls, WAFs, and vulnerability scanners. The goal is to help harden your systems against attacks targeting your infrastructure. Client-side security focuses on where your application actually runs, which is inside your users' browsers. Applications use the browser extensively to perform certain tasks, but so do bad actors.
In simple terms, server-side security protects your kitchen, while client-side security protects the meal after it is served. Both are important. Because the security focus has been mostly on server-side actions, attackers are increasingly targeting the client side, which allows them to steal directly from users without ever touching your servers. Having protection on both sides ensures your environment is secure from end to end.
How do client-side attacks actually happen?
Compromising a third-party service your website relies on is one common way attackers get in.
Why can't traditional security tools detect client-side threats?
Firewalls, WAFs, and vulnerability scanners are traditional security tools used to protect your server, but they cannot see what's happening in your users' browsers.
What's the difference between client-side security and application security?
Client-side security is a critical subset of AppSec that focuses on protecting applications where they actually execute: in users' browsers.
What is client-side security, and why do I need it?
Protecting your website visitors from malicious JavaScript attacks that happen in their browsers is the goal of client-side security.