Website scripts run in one of two places:

• Server side—called the backend: Server-side validation is where the input by the user is being sent to the server and being validated with the response being sent back to the client. Programming languages such as C# and .NET are server-side.
• Client side—called the frontend: Client-side validation does not require a round trip to the server, so the network traffic will help your server perform better. This type of validation is done on the browser side using script languages such as JavaScript, VBScript, or HTML5 attributes. 

Client-side validation is much quicker, but an attacker can exploit the JavaScript and bypass the client side. Server-side validation takes much longer, and can use input validation to check that the input is valid and to stop the attacker who has just bypassed the client side. There is more control over server-side validation and it is more secure.