Week 4: Is There a Difference between Client Side and Server Side?

In order to better understand the difference between Client-Side, and Server-Side I needed to recall where this concept came from with respect to the Internet. In some cases this refers to Client-Side scripting and Server-Side scripting. Client-Side scripting is when source code is transferred to the end user’s computer and then run by a browser. A scripting language like JavaScript or ActiveX needs to be enabled in the browser. Sometimes this is disabled by default for security reasons.

Server-Side Scripting refers to a server-side environment, where scripts are run on the web server. Users will connect to the server and initiate the process through their browser, but the scripts will not be run by the local browser. This is better suited for situations where the user is looking up data stored on the server.

There are similarities and difference between “Client-Side Attack” and Server-Side Attack”. Sometimes both will target applications. The difference is that with Client-Side the target is applications or data on the users “client” computer. With Server-Side the target is located on a web server. One security concern with browsers has been vulnerability in Client-Side JavaScript. A Client-Side attack that uses JavaScript is also referred to as “cross-site scripting” or XSS. SQL injection would likely occur on the Server-Side, where a webpage is regulating access to a database on the web server.

Online Sources Bibliography:

(1) http://www.sqa.org.uk/e-learning/ClientSide01CD/page_18.htm

(2) https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf