Web Security & Input Handling Flashcards
(6 cards)
Common API Vulnerabilities
Broken Authentication — tokens not validated
Excessive Data Exposure — API sends more data than needed
Examples:
API returns full user profile, not just username
Login token not verified on every request
Input Validation & Sanitisation
Validation: Check input format before processing (e.g., only numbers)
Sanitisation: Remove harmful parts (e.g., strip )
Prevents:
SQL Injection
Cross-Site Scripting (XSS)
Secure Error Handling
Why: Prevent leaks of system info (e.g., stack traces, DB errors)
Principles:
Show generic errors to users (“Something went wrong”)
Log detailed errors privately for developers
Session Handling & Memory Security
Session Handling: Secure tokens, expiry, regeneration
Example: Auto-logout after inactivity
Memory Security: Avoid leaving passwords in memory; clear variables
Example: Zero out memory used by sensitive info
Broken Authentication
When login mechanisms are flawed
Vulnerabilities:
Weak passwords
Session IDs in URLs
No MFA
Prevention:
Enforce strong password policies
Use secure session tokens
Add multi-factor authentication
What are Tokens?
In software development, a token is a small, indivisible unit of data that has meaning within a programming language or system.