- Hands-On Application Penetration Testing with Burp Suite
- Carlos A. Lozano, Dhruv Shah, Riyaz Ahemed Walikar
- 2021-07-02 12:16:38
Client-end code analysis
Depending on the type of test, we can also perform code analysis. For applications assessed as part of white box testing, the entire code is available to the tester, who can use custom tools to review all of it and find vulnerabilities based on the code logic. In a black box scenario, the only code available for analysis is the client-end code and the JavaScript libraries it references. Based on that analysis, a tester can bypass certain validation logic implemented by these scripts, which in turn makes certain attacks possible.
In the next chapter, we will discuss in detail how client-side logic can be bypassed by code manipulation.
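Why validation that lives only in client-end scripts can be bypassed, and the server-side check that closes the gap, shown as an added example that is not from the book. The transfer form, its field names and its limits are hypothetical.

```javascript
// Added example. The "transfer" form, field names and limits are hypothetical.
// RULES stands for the checks the page's browser-side script would run.
const RULES = {
  account: v => typeof v === 'string' && /^[0-9]{8}$/.test(v),
  amount: v => Number.isInteger(v) && v > 0 && v <= 1000,
  memo: v => typeof v === 'string' && v.length <= 40,
};
const known = k => Object.prototype.hasOwnProperty.call(RULES, k);

// Returns the names of fields that fail a rule, plus any field the form never sends.
function validate(body) {
  if (body === null || typeof body !== 'object') return ['body'];
  const failed = Object.keys(RULES).filter(k => !RULES[k](body[k]));
  const extra = Object.keys(body).filter(k => !known(k)).map(k => `unexpected:${k}`);
  return failed.concat(extra);
}

// Weak: assumes the browser already ran validate(), so it accepts whatever arrives.
function handleTransferWeak(body) {
  return { status: 200, applied: body };
}

// Hardened: repeats every rule on the server and copies only the known fields.
function handleTransferHardened(body) {
  const errors = validate(body);
  if (errors.length > 0) return { status: 400, errors };
  const { account, amount, memo } = body;
  return { status: 200, applied: { account, amount, memo } };
}

// Constructed requests: one as the form submits it, one that never passed through the script.
const viaForm = { account: '12345678', amount: 250, memo: 'rent' };
const direct = { account: '12345678', amount: -5000, memo: 'rent', approved: true };

console.log(handleTransferWeak(direct).status);
console.log(handleTransferHardened(direct));
console.log(handleTransferHardened(viaForm).status);
```

During a black box review, any rule found only in the client-end script and not enforced like `handleTransferHardened` does is a finding to report.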