The relevance of client-side web security

Abstract

The Web has evolved from a static distributed hypertext system into a rich application platform, where the browser is capable of running highly dynamic client-side applications, which merely depend on backend server-side services for data storage. We observe a similar trend within the field of Web security, where more responsibilities are pushed towards the client side. Security mechanisms have evolved from default browser policies that are the same for all applications to server-driven security policies composed at the server side and enforced at the client side. This chapter briefly sketches the trends in the evolution of the Web and the parallels in the field of Web security. We introduce a social networking example scenario that will serve as a working example throughout this book. Finally, we provide a reader’s guide for the intended target audiences, which include students, teachers, trainers, researchers, developers, and security practitioners.