You should always do server-side validation! Always!
With JavaScript frameworks becoming more and more powerful, a lot of business logic is now done on the client side. This, however, can pose some security problems and here are three commonly found mistakes where server-side validation is omitted and parts of the web app are vulnerable because of this. We will be looking on role escalation, confidential information access, and more.
