Clients can receive malicious responses from servers in many ways that are out of their control. Client programs should not blindly trust server responses and should not allow the client to be compromised as a result of malicious responses. The same approaches used to send malicious requests when testing can be used to send malicious responses. It is usually not difficult for an attacker to create a malicious server.