1) The solution for many vulnerabilities is proper encoding of user supplied data. Compare and contrast early (i.e. as it is stored in the database) vs. late (i.e. as the data is reflected back to the user) encoding of data in web applications. How is this concept related to input validation?

2) Use the Common Vulnerability Scoring System to rate each of the four vulnerabilities: Injection, Broken Authentication and Session Management, Cross-Site Scripting (XSS), and Security Misconfiguration (provide a screenshot and explanations for your choices). Perform the same classification using the DREAD approach. Were there any discrepancies in the relative ratings of risk between the two approaches? If so, why?