Why isn't client side validation enough? | Plynt Security Testing Learning Center

You are here: Resources → Learning Center → I'm a developer → Why isn't client side validation enough?

I am using client side validation using Javascript for checking user inputs. Isn’t that enough?

Client side validation for checking user inputs is a good thing to have as it speeds up user experience. However, relying only on client side validation would be a bad programming practice. There are a number of freely available tools called web proxy editors (E.g. Webscarab, Burpproxy) which allows users to intercept and edit the requests being sent to the server. These tools can be used to bypass all client side validations. Thus, it is essential to have input validation done at the server as well.