The Relevance of Client-side Web Security.- The Web at a Glance.- Client-side Web Security.- Purpose of this Book.- Traditional Building Blocks of the Web.- Traditional Web Technology.- Loading Web Content.- Authentication and Authorization.- Cookies and Session Management.- Browser Security Policies.- Extending the Client-side Features.- Enhancing the User's Window on the Web.- The Browser as a Platform.- The Synergy between Browsers and Devices.- From Rendering Engine to Feature-rich Platform.- Client-side Storage.- Communication Mechanisms.- Mobile Features.- Registering Default Applications.- Transforming the Browser into an Operating System.- How Attackers Threaten the Web.- Threat Models in Literature.- Threat Models as Concrete Attacker Capabilities.- Conclusion.- Attacks on the Network.- Eavesdropping Attacks .- Man-in-the-Middle Attacks.- Protocol-level Attacks on HTTPS.- Attacks on the Browser's Requests.- Cross-Site Request Forgery.- UI Redressing.- Attacks on the User's Session.- Session Hijacking.- Session Fixation.- Authenticating with Stolen Credentials.- Attacks on the Client-Side Context.- Cross-Site Scripting.- Scriptless Injection Attacks.- Compromised Script Inclusions.- Attacks on the Client Device.- Drive-by Downloads.- Malicious Browser Extensions.- Improving Client-side Web Security.- Overview of Best Practices.- Secure Communication Channel.- Application-level Techniques.- Security Policies.- Research-driven Security Technology.- Conclusion.