Question
I've been studying common injection problems and examples and I've been wondering whether it would be possible to embed some filtering mechanism to prevent injection client side. For example checking address bar URL for possibly malicious added parameters, or checking forms user input on submission. I'm not questioning whether this measure would be 100% effective or needed, I'm just trying to understand if this would be technically possible and feasible.
Would it be possible to filter user input browser side to prevent injection?
Explanation / Answer
Yes it's possible to add something like this on the client side, but it would not be effective. I wouldn't waste your time adding this type of protection to your client side. Since it is on the client side, a malicious user can (and will) bypass it immediately using an HTTP Proxy or something similar.
I would recommend giving the book The Web Application Hacker's Handbook a read. This goes into detail about how a malicious user will attack your site and points you to free tools that will allow you to attack a test site you control in the same manner that a hacker would. Actually doing this will open your eyes to how web security really works.
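The point made in the answer above, as an added example that is not part of the original answer: the same allow-list check is placed once in the browser and once on the server, and a request that never passes through the page's script only meets the server-side copy. All function names, the username rule and the sample inputs are hypothetical and constructed for illustration.

```javascript
// Allow-list rule for a username field (assumed rule, for illustration only).
const USERNAME_RE = /^[A-Za-z0-9_]{3,20}$/;

// Browser side: the filter the question proposes. It runs only when the
// request is actually produced by this page's form handler.
function clientSideCheck(fields) {
  return USERNAME_RE.test(fields.username);
}

// Server handler A: assumes the browser already filtered the input.
function handleTrustingClient(body) {
  return { status: 200, stored: body.username };
}

// Server handler B: validates every request itself, including the type,
// because a hand-built request can carry values no HTML form would send.
function handleValidating(body) {
  const u = body && body.username;
  if (typeof u !== "string" || !USERNAME_RE.test(u)) {
    return { status: 400, stored: null };
  }
  return { status: 200, stored: u };
}

// Path 1: normal form submission, the client check runs first.
function submitViaForm(fields, handler) {
  if (!clientSideCheck(fields)) return { status: 0, stored: null }; // never sent
  return handler(fields);
}

// Path 2: request sent through a proxy or script, client code never executes.
function submitDirect(fields, handler) {
  return handler(fields);
}

function demo() {
  const good = { username: "alice_01" };   // constructed sample input
  const bad = { username: "x' --" };       // constructed, violates the rule
  const wrongType = { username: ["a"] };   // constructed, not a string
  return {
    formBad: submitViaForm(bad, handleTrustingClient),
    directBadTrusting: submitDirect(bad, handleTrustingClient),
    directBadValidating: submitDirect(bad, handleValidating),
    directTypeValidating: submitDirect(wrongType, handleValidating),
    directGoodValidating: submitDirect(good, handleValidating),
  };
}
```

The client check is still useful for giving users quick feedback; only handler B decides what the application accepts.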