- Client-side validation cannot be trusted as secure.
  - All validation must be performed on the server side.
  - End-users cannot be trusted.
  - JavaScript embedded in web pages makes for a better user experience that provides immediate feedback.
    - Cannot be trusted to properly validate input.
    - Easily disabled on the client side.
    - Can be bypassed by creating a request manually using URL parameters.
  - Avoid cleansing data and instead reject it.
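The points above, as an added example that is not part of the original slides: a server-side check that validates a raw query string against an allowlist and rejects anything that fails, next to a cleansing routine that leaves unsafe output behind. The field names, rules and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Allowlist rules for a hypothetical signup form (field names are assumptions).
RULES = {
    "username": re.compile(r"[A-Za-z0-9_]{3,20}"),
    "age": re.compile(r"[0-9]{1,3}"),
}

# Constructed sample requests: one a browser form would send, one typed by hand
# into the URL so that no client-side JavaScript ever ran.
BROWSER_REQUEST = "username=alice&age=30"
MANUAL_REQUEST = "username=%3Cscr%3Cscript%3Eipt%3E&age=30"


def naive_cleanse(value):
    """Anti-pattern: strip a 'bad' substring once and keep whatever is left."""
    return value.replace("<script>", "")


def validate_request(query_string):
    """Validate on the server; reject on any failure, never repair.

    Returns (True, fields) when every field passes, else (False, errors).
    """
    params = parse_qs(query_string, keep_blank_values=True)
    errors = [f"unexpected parameter: {n}" for n in params if n not in RULES]
    fields = {}
    for name, pattern in RULES.items():
        values = params.get(name, [])
        if len(values) != 1:
            errors.append(f"{name}: expected exactly one value")
        elif not pattern.fullmatch(values[0]):
            errors.append(f"{name}: rejected")
        else:
            fields[name] = values[0]
    return (False, errors) if errors else (True, fields)


if __name__ == "__main__":
    print(validate_request(BROWSER_REQUEST))
    print(validate_request(MANUAL_REQUEST))
    # Cleansing the same input leaves the tag it was meant to remove.
    print(naive_cleanse(parse_qs(MANUAL_REQUEST)["username"][0]))
```
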