Penetration Testing mailing list archives

Re: To validate or not to validate: Client side validation


From: Alexander Klimov <alserkli () inbox ru>
Date: Thu, 22 Apr 2010 09:31:49 +0300

On Mon, 19 Apr 2010, pand0ra wrote:
> Question: You are doing code review and come across a JavaScript
> application that does not do input validation. Would you have the
> developer go back and write in input validation? If so, why? If not,
> why?

It is not a question of security (the client-side validation
cannot be trusted anyway), but rather a question of user
experience: the client-side validation makes error messages
faster.

-- 
Regards,
ASK
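
The point of the reply above, as an added example that is not part of the original message: the same rule runs in the browser for fast error messages and again on the server, which is the only check that counts. All function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: one validation rule, two call sites with different trust.
// validateSignup, clientSubmit and serverHandle are hypothetical names.

// Rule shared by browser and server so the two copies cannot drift apart.
function validateSignup(input) {
  const errors = [];
  const username = typeof input.username === "string" ? input.username : "";
  const age = input.age;
  if (!/^[a-z0-9_]{3,16}$/.test(username)) {
    errors.push("username: 3-16 chars of a-z, 0-9, _");
  }
  if (!Number.isInteger(age) || age < 13 || age > 120) {
    errors.push("age: integer between 13 and 120");
  }
  return errors;
}

// Browser side: runs before any network round trip, so the user sees the
// message immediately. It is a usability feature, not a security control.
function clientSubmit(form, send) {
  const errors = validateSignup(form);
  if (errors.length > 0) return { sent: false, errors };
  return { sent: true, response: send(form) };
}

// Server side: authoritative. It re-runs the rule on every request body
// because it cannot tell whether the browser code ran at all.
function serverHandle(body) {
  const errors = validateSignup(body ?? {});
  if (errors.length > 0) return { status: 400, errors };
  return { status: 201, user: { username: body.username, age: body.age } };
}

// Constructed sample inputs.
const good = { username: "alice_01", age: 30 };
const bad = { username: "<b>x</b>", age: "30" };

function demo() {
  return {
    viaBrowserGood: clientSubmit(good, serverHandle), // passes both checks
    viaBrowserBad: clientSubmit(bad, serverHandle),   // stopped locally, fast
    directBad: serverHandle(bad),                     // browser check never ran
  };
}
```

If `serverHandle` skipped the check, the third case would create the record, which is why a code review finding belongs on the server side regardless of what the client does.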
