In web development, 'client side' refers to everything in a web application that is displayed or takes place on the client (end user device), for example content from markup languages (like HTML and CSS) which are interpreted by the browser. This includes what the user sees, such as text, images, and the rest of the UI, along with any actions that an application performs within the user's browser.
As most websites include client-side processes rather than doing everything on the server side, testers should ensure client-side validation cannot be bypassed, e.g. by verifying that required fields, format checks and limits enforced in the UI can't be circumvented by disabling JavaScript, modifying requests or using developer tools. Other client-side testing should include ensuring the server does not trust client-calculated or client-provided values, especially when these relate to prices, totals or permissions. Security vulnerabilities can also be introduced by client-side logic, such as exposing secrets (in JS, local storage or session storage) or sensitive logic (in JS), or being susceptible to XSS due to improper encoding.
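The server-side behaviour a tester should expect to find, sketched as an added example that is not code from the original page: required-field, format and limit checks are repeated on the server, the total is recomputed from server-held prices, and permission is read from the session. The catalogue, field names, `validateOrder` function and the 10% staff discount are assumptions made for illustration.

```javascript
'use strict';

// Server-side source of truth (constructed sample data; prices in pence).
const CATALOGUE = new Map([['sku-100', 1999], ['sku-200', 4500]]);
const MAX_QTY = 10; // the same limit the UI enforces, enforced again here
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// body: parsed request JSON (untrusted). session: server-held session state.
// Returns { ok, errors, total, clientTotalMismatch }.
function validateOrder(body, session) {
  const errors = [];
  const items = body && Array.isArray(body.items) ? body.items : [];

  // Required-field and format checks, repeated regardless of what the UI did.
  if (!body || typeof body.email !== 'string' || !EMAIL_RE.test(body.email)) {
    errors.push('email invalid');
  }
  if (items.length === 0) errors.push('items required');

  let total = 0;
  for (const item of items) {
    const price = CATALOGUE.get(item && item.sku);
    if (price === undefined) { errors.push('unknown sku'); continue; }
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > MAX_QTY) {
      errors.push('qty out of range');
      continue;
    }
    total += price * item.qty; // price comes from the server, never the request
  }

  // Permission comes from the session; body.role is ignored entirely.
  // The 10% staff discount is an assumed business rule.
  if (session && session.role === 'staff') total = Math.floor((total * 90) / 100);

  const ok = errors.length === 0;
  return {
    ok,
    errors,
    total: ok ? total : null,
    // A differing client total is worth logging: stale UI or a modified request.
    clientTotalMismatch: ok && body.total !== undefined && body.total !== total,
  };
}

// Constructed request: UI checks bypassed, total and role edited in transit.
const tampered = { email: 'a@example.com', items: [{ sku: 'sku-100', qty: 2 }], total: 1, role: 'staff' };
console.log(validateOrder(tampered, { role: 'customer' }));
```
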