by the client’s browser. The server may set cookies in a response header.
Dynamic web pages contain scripts accepting user input. Scripts may request further server connections. Several attack vectors target this interplay between client and servers.
– An attacker may retrieve cookies from the client, be it to profile the user or to use the cookies to impersonate the client.
– A malicious script in a web page may perform inappropriate operations on the client.
– A malicious script may use the client as a stepping stone to attack a third party.
– A malicious user may send malformed inputs in an HTTP request to perform inappropriate actions with the help of vulnerable server-side scripts (code injection).
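The first attack vector depends on which cookies the server sets in its response headers and how the browser is told to handle them. As an added example (not part of the original text), the following check parses the `Set-Cookie` headers of a response and reports which cookies lack the standard `HttpOnly`, `Secure` and `SameSite` attributes. These attributes go beyond what the text above mentions, and the sample response and function names are constructed for illustration.

```python
# Constructed sample response for illustration (not captured traffic).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "Set-Cookie: track=42; Secure; SameSite=None\r\n"
    "\r\n"
    "<html>...</html>"
)

# Attribute (lower-cased) -> display name. HttpOnly hides the cookie from page
# scripts, Secure keeps it off plain HTTP, SameSite limits cross-site sending.
PROTECTIVE = {"httponly": "HttpOnly", "secure": "Secure", "samesite": "SameSite"}


def set_cookie_values(raw_response):
    """Return the value of every Set-Cookie header in a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in value.split(";")]
    cookie_name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return cookie_name, attrs


def audit(raw_response):
    """Map each cookie name to the protective attributes it lacks."""
    findings = {}
    for value in set_cookie_values(raw_response):
        name, attrs = parse_set_cookie(value)
        findings[name] = [label for key, label in PROTECTIVE.items()
                          if key not in attrs]
    return findings


if __name__ == "__main__":
    for cookie, missing in audit(SAMPLE_RESPONSE).items():
        print(cookie, "ok" if not missing else "missing: " + ", ".join(missing))
```

A cookie reported without `HttpOnly` can be read by any script running in the page, which is the precondition for the cookie retrieval described in the first item of the list.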