DOM-Based XSS occurs entirely in the browser without server involvement

DOM-Based XSS requires server-side interaction

DOM-Based XSS uses cookies to execute the script

DOM-Based XSS targets CSS instead of JavaScript

Using encrypted tokens

Implementing secure cookie attributes

Changing the session identifier after authentication

Maintaining the same session token across authentication states

Generating unique identifiers for objects

Transforming an object’s state into a storable or transferable format

Compressing data to reduce file size

Encrypting data to prevent unauthorized access

API endpoints are always public and easy to access.

APIs often expose sensitive business processes with insufficient access controls.

They rely entirely on client-side validation.

They lack encryption for transmitted data.

Sending multiple concurrent requests to overload the server.

Modifying an input field to bypass client-side restrictions.

Exploiting a SQL query to retrieve unauthorized data.

Skipping the payment page in an e-commerce workflow and directly finalizing the order.

The application does not restrict input size, causing a buffer overflow.

Sensitive information is stored in plaintext in the database.

User accounts are not locked after multiple failed login attempts.

Client-side JavaScript checks the maximum value of an input field, but the server doesn’t enforce this.

A misconfiguration of authentication and authorization protocols.

A weakness in an application’s intended workflows, leading to unintended consequences. 

A flaw caused by improper handling of database queries.

A vulnerability caused by improper encryption techniques.

Bypassing CAPTCHA during registration.

Manipulating shipping charges in an e-commerce platform.

Falsifying credit scores in a banking application.

Exploiting item duplication mechanics through race conditions.

Disabling unused API endpoints.

Setting input size limits in HTML forms.

Using stronger encryption for sensitive data.

Implementing unique session tokens to validate workflow integrity.

Preventing unauthorized user logins.

Protecting sensitive data through encryption. 

Ensuring critical resources are not modified concurrently by multiple processes.

Enforcing user roles in role-based access control.