Client-side application attacks