Side effects are generally unintended consequences of a function or program. These unintended consequences can be good or bad. In general, side effects are considered bad because they can make it difficult to reason about the behavior of a program and can lead to inconsistent behavior.

From a security perspective, side effects can be used to bypass security controls.

For example, a function that is supposed to log in a user may improperly sanitize the input prior to validation. This can lead to a vulnerability where an attacker can bypass the password check via SQL injection. The attacker could use a username value that contains SQL code that bypasses the password check in the WHERE clause of the query.

select users.* from users where username = 'admin \'--' and password = 'password'
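
The login query above, worked through as an added example (not code from the original page) in Python with an in-memory SQLite database: the concatenated version lets the username change the structure of the WHERE clause, while the parameterized version treats the same value purely as data. The table contents, the function names and the `admin'--` value are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table users (username text primary key, password text)")
    # Plaintext column only mirrors the page's query; store a salted hash in practice.
    db.execute("insert into users values ('admin', 'correct-horse')")
    return db

def build_query_unsafe(username, password):
    """Concatenation: the input becomes part of the SQL text itself."""
    return ("select users.* from users where username = '" + username +
            "' and password = '" + password + "'")

def login_unsafe(db, username, password):
    """Vulnerable 'before' form: True if any row comes back."""
    return db.execute(build_query_unsafe(username, password)).fetchone() is not None

def login_safe(db, username, password):
    """Bound parameters: the input is only ever data, never SQL syntax."""
    row = db.execute(
        "select users.* from users where username = ? and password = ?",
        (username, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "admin'--"  # constructed value, same idea as the page's query
    # Printing the built query shows the side effect: everything after
    # the -- is a comment, so the password comparison never runs.
    print(build_query_unsafe(crafted, "wrong"))
    print("unsafe login:", login_unsafe(db, crafted, "wrong"))
    print("safe login:  ", login_safe(db, crafted, "wrong"))
    print("safe login, real credentials:", login_safe(db, "admin", "correct-horse"))
```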