
Question


This question is about security of dynamic web applications.

You have been hired as a web security expert by Town Tools, who are about to launch their online tool hire website. The website has been developed using Node.js and the Express framework, with EJS as the templating engine. On your first day, you are shocked to discover the following route handling code in main.js on the site:

Describe three distinct security vulnerabilities you can see, the risk posed by each vulnerability and the approach you would take to address each vulnerability. There is no need to write working code in your answer, but reference any libraries and coding techniques you would use and write code snippets where it helps to illustrate your response.

For the vulnerability, give the common name for the vulnerability or a short description. For each risk, explain how the vulnerability could be exploited and give an example of what damage could be done by a hacker. For the remedy, explain how you would change the coding approach to fix the vulnerability.

Record your answers in a table like this:


\begin{tabular}{|l|l|l|}
\hline
Vulnerability & Risk and Example & Remedy \\
\hline
 & & \\
\hline
 & & \\
\hline
 & & \\
\hline
\end{tabular}
