The greatest challenge for an attacker or an effective penetration tester is bypassing a target's security controls to achieve a compromise. This can be difficult when targeting systems located on a network because the attacker usually needs to bypass firewalls, proxies, intrusion detection systems, and other elements of a defense-in-depth architecture.
"The attacker's capacity to exploit a client-side vulnerability depends on the attacker's ability"
A successful workaround strategy is to directly target the client-side applications. The user initiates the interaction with the client application, allowing attackers to take advantage of the existing trust that exists between the user and the application. The use of social engineering methodologies will enhance the success of client-side attacks.
Client-side attacks target systems...
