Back to blog

How do client-side attacks actually happen?

Wednesday, September 3rd, 2025

Updated September 5th, 2025

S

Simon Wijckmans

A typical point of entry is when a malicious actor compromises a third-party service your website uses. Here's the process: your server sends the web page, and your browser requests hundreds of external resources like analytics scripts, marketing tools, and payment processors. Then, an attacker can intercept just one of these requests and inject malicious code instead of the legitimate script. 

Malicious scripts can also be injected through adverts, ad networks are essentially JS distribution networks for hire. A script on an ad network can steal credit card information and take sensitive tokens like session tokens. Therefore, if you have webpages where adverts and payments cross, it is best to be extra careful and implement a strict client-side security.

S

More About Simon Wijckmans

Founder and CEO of c/side. Building better security against client-side executed attacks, and making solutions more accessible to smaller businesses. Web security is not an enterprise only problem.