Security / Quiz

Security Battle

Exploit or defend? Read the request, spot the vulnerability class, and choose the fix that actually closes the hole. Think like the attacker your API will meet.

Difficulty
Hard
Format
Quiz
Points
200
Estimate
8 min

// MISSION BRIEF

Security Battle ⚔️

Each round drops you a real-looking request, response, or snippet. Name the vulnerability, then pick the fix that actually closes it, not the one that just looks secure.

Rules of engagement:

  • This is defensive testing of your own systems: recognizing and closing holes.
  • The tempting-but-wrong answer is always on the board.
  • Match the fix to the vulnerability class, not the symptom.

Best score counts.

// FIRST CONTACT

Battle teaser

Authenticated as user 1001, you request `GET /api/users/1002/invoices` and get 200 with user 1002's data. Vulnerability class?

  1. ASQL Injection
  2. BRate-limit bypass
  3. CBroken Object Level Authorization (BOLA/IDOR)
  4. DCross-Site Scripting
Answers, scoring, hints, and the full battle stay sealed.

// SKILL TAGS

securityowaspbolaxsssqlijwtbattle