Do you have any idea how many of the 2014 data breaches involved client side attacks? In this semi-technical talk Jason will explore beyond the typical JavaScript alert popup box we are all too familiar with in web app penetration tests. He will break down common (and some less common) web client attacks to provide better insight into how to discover them and how to make use of them in more complex attack scenarios. This talk is geared towards those who are somewhat new to web penetration testing but will also benefit non-technical audiences who want a better understanding of web client vulnerability jargon.