While testing a banking portal, you inject "" into a comment field. The browser's client-side validation blocks the input, but after resending the modified request through an intercepting proxy the script is stored and runs for every visitor. Which fundamental web application concept did the developers ignore?
Relying on client-side input validation instead of enforcing validation on the server
Implementing layered defense by duplicating security controls at each tier
Applying least-privilege access controls to application roles
Using parameterized queries to separate code from data in SQL statements
Client-side input validation is meant only to improve user experience; it cannot be trusted for security because attackers can alter or replay HTTP requests outside the browser. All security-relevant checks, especially those preventing script injection, must be enforced on the server after data is received. By relying solely on JavaScript running in the user's browser, the development team failed to apply server-side validation and sanitization. The least-privilege principle concerns access rights, not input handling. Defense-in-depth advocates multiple overlapping controls, not a single client check. Parameterized queries mitigate SQL injection, not cross-site scripting triggered by unsanitized HTML input.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is server-side validation more secure than client-side validation?
Open an interactive chat with Bash
What is cross-site scripting (XSS), and how does it relate to this scenario?
Open an interactive chat with Bash
How can developers prevent XSS attacks in web applications?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Web Application Hacking
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .