Client Side | HTML Tampering (3) | Cycubix Docs
Mitigation
In this simple example, you noticed that the price is calculated client-side and sent to the server. The server accepted the input as given and did not calculate the price again. One of the mitigations in this case is to look up the price of the television in your database and calculate the total price again.
In a real application, you should never rely on client-side validation. It is important to verify all the input sent by the client. Always remember: NEVER TRUST INPUT SENT BY A CLIENT.
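The mitigation described above, sketched as an added example that is not part of the original lesson or its code: the server prices the order from its own data and treats any client-supplied total only as a tampering signal. The catalogue entry, field names (`sku`, `qty`, `total`) and the quantity limit are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue standing in for the product database (hypothetical SKU and price).
CATALOG = {"tv-55": Decimal("2999.99")}
MAX_QTY = 10  # assumed business limit


class OrderRejected(ValueError):
    """Raised when a submitted order field fails server-side validation."""


def client_total_mismatch(claimed, total: Decimal) -> bool:
    """True when the client sent a total that differs from the server's."""
    if claimed is None:
        return False
    try:
        return Decimal(str(claimed)) != total
    except InvalidOperation:
        return True  # unparseable total is itself suspicious


def price_order(form: dict) -> dict:
    """Compute the order total from server-side data only.

    `form` is the parsed request body. A price or total sent by the
    client is never used for pricing; it is only compared afterwards
    so that tampering can be logged.
    """
    sku = form.get("sku")
    if sku not in CATALOG:
        raise OrderRejected("unknown product")

    raw_qty = str(form.get("qty", ""))
    # Plain ASCII digits only: rejects "", "-1", "1.5", "1e3" and oversized input.
    if not (raw_qty.isascii() and raw_qty.isdigit() and len(raw_qty) <= 4):
        raise OrderRejected("quantity must be a whole number")
    qty = int(raw_qty)
    if not 1 <= qty <= MAX_QTY:
        raise OrderRejected("quantity out of range")

    total = CATALOG[sku] * qty  # authoritative price from the server's own data
    tampered = client_total_mismatch(form.get("total"), total)
    return {"sku": sku, "qty": qty, "total": total, "tampered": tampered}
```

A request whose `total` was edited in the browser is still charged the catalogue price, and the `tampered` flag gives the application something to log or alert on.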
References
https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html