This question is about security of dynamic web applications.

You have been hired as a web security expert by Town Tools, who are about to launch their online tool hire website. The website has been developed using node.js and the Express framework, with EJS as the templating engine. On your first day, you are shocked to discover the following route handling code in main.js on the site:

Describe three distinct security vulnerabilities you can see, the risk posed by each vulnerability and the approach you would take to address each vulnerability. There is no need to write working code in your answer, but reference any libraries and coding techniques you would use and write code snippets where it helps to illustrate your response.

For the vulnerability, give the common name for the vulnerability or a short description. For each risk, explain how the vulnerability could be exploited and give an example of what damage could be done by a hacker. For the remedy, explain how you would change the coding approach to fix the vulnerability.

Record your answers in a table like this:

\begin{tabular}{|l|l|l|} \hline Vulnerability & Risk and Example & Remedy \\ \hline & & \\ \hline & & \\ \hline & & \\ \hline \end{tabular}