WhitePaper Release: Defense against Client-Side Attacks

September 21, 2021

TL;DR: A new WhitePaper released “https://insight.claranet.co.uk/cybersecurity/defense-against-client-side-attacks” to help attackers understand client-side attacks and for developers to understand how to mitigate them.

In the modern era, the web exploitation world is obsessed with server-side attacks however the data now resides equally on server and client side. Developers focus on fixing server-side vulnerabilities first due to their high-profile nature. But what about client-side attacks like Cross-Site Scripting, Cross-Site Script Inclusion, Cross-Origin Resource Sharing, Cross-Site Request Forgery, Man-in-the-Middle, Clickjacking, Information Sharing / LeakageĀ  which are equally catastrophic. The impact of Client-Side attacks is limited to the user’s of the application compared to Server-Side attacks where the organisation’s network and data can be targeted by an attacker. For example, in the case of Cross-Site Scripting, exploitation will be limited to the users who access the vulnerable page.

In this WhitePaper written by Savan and Dharmendra at NotSoSecure, the focus is on the client-side vulnerabilities and strategies to identify simple configuration changes that developers can implement via custom headers to reduce/mitigate the effect of the threat.

The WhitePaper is divided into 3 sections:

  1. Client-Side components
  2. Various Client-Side attacks
  3. Recommendations about each vulnerability

With this WhitePaper, we intend to help pentesters identify and understand the importance of client-side vulnerabilities, by talking about various client-side vulnerabilities which pentesters should be looking-for during application assessments, and the strategies that developers can undertake to mitigate those vulnerabilities by making minimal configuration changes.

Click on the image and download a copy.

Defense against Client-Side Attacks

Whitepaper Release : Defense against Client-Side Attacks

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trackback