AdvancedSecurity Fundamentals

Lab: spot the vulnerability

Apply the security mindset — injection, password storage, and authorization.

Lab · optionalFundamentalsAdvanced10 min

Recommended first

By the end of this lesson you will be able to:

Optional scenario lab. Security is a mindset — ask how each thing could be abused. Practice spotting the flaw and the fix.

1.
Code builds a query as: "SELECT * FROM users WHERE name = '" + name + "'". This is vulnerable to:
Cross-site scripting (XSS)SQL injectionA memory leakNothing — it's fine
2.
The right fix for that bug is to:
Escape the quotes by handUse a parameterised queryTrust the input and move onHash the whole query
3.
How should you store user passwords?
Plain textReversibly encryptedA salted, slow hash (bcrypt/scrypt/Argon2)Base64-encoded
4.
A logged-in user requests /orders/123, which belongs to someone else, and the app shows it. The missing check is:
AuthenticationAuthorizationEncryptionLogging

The unifying habit: never trust input, keep data separate from code, and check both who you are and what you may do.

Finished reading? Mark it complete to track your progress.

Common vulnerabilities

The recurring flaws — injection, XSS, and friends — and the habits that prevent them.

Why distributed is hard

The moment a system spans more than one machine, new and unavoidable problems appear.