What distinguishes a DOM-based attack from other types of web attacks?

• A. It requires interaction with the server to execute malicious code.
• B. The attack takes advantage of client-side scripting without sending data to the server.
• C. This type of attack only targets server-side vulnerabilities.
• D. It relies on manipulating session cookies to gain unauthorized access.

Answer: (B)

A DOM-based attack is characterized by its reliance on client-side manipulation of the Document Object Model (DOM) within a web browser, rather than involving any interactions with the server. This means that the attack exploits vulnerabilities that occur purely in the client’s environment—typically through JavaScript. It often involves injecting scripts or altering the DOM elements on the page to execute malicious code without needing to send any data back to the server.

This is a critical distinction because many web attacks, such as SQL injection or cross-site scripting (XSS), usually involve communication with the server or depend on server-side vulnerabilities. In contrast, DOM-based attacks function independently in the user's browser, making them particularly stealthy and challenging to detect since they do not generate traditional server logs or alerts.

Understanding this distinction is vital for recognizing the unique challenges that DOM-based attacks present in securing web applications against client-side threats.