client-side-security
Safeguard articles tagged "client-side-security" — guides, analysis, and best practices for software supply chain and application security.
4 articles
A methodology for testing SPAs for client-side vulnerabilities
DOM XSS, token storage, and API exposure don't show up in a server-side scan — here's a repeatable methodology for testing React, Vue, and Angular apps.
How Attackers Use JavaScript: Common Client-Side Attack Techniques
Using JavaScript for hacking rarely means writing exotic exploits — it means abusing the same DOM APIs, event handlers, and third-party scripts every legitimate site relies on.
PCI DSS 4.0 requirement 6.4.3 for e-commerce third-party ...
PCI DSS 4.0 now mandates strict controls over third-party JavaScript on payment pages. Here's what requirements 6.4.3 and 11.6.1 require and how to comply.
DOM-Based XSS: Finding and Fixing Client-Side Injection
DOM XSS never touches your server, so response scanners miss it. Here is how to trace sources to sinks in client code and shut the flaw down.