Security / Quiz
Security Battle
Exploit or defend? Read the request, spot the vulnerability class, and choose the fix that actually closes the hole. Think like the attacker your API will meet.
- Difficulty
- Hard
- Format
- Quiz
- Points
- 200
- Estimate
- 8 min
// MISSION BRIEF
Security Battle ⚔️
Each round drops you a real-looking request, response, or snippet. Name the vulnerability, then pick the fix that actually closes it, not the one that just looks secure.
Rules of engagement:
- This is defensive testing of your own systems: recognizing and closing holes.
- The tempting-but-wrong answer is always on the board.
- Match the fix to the vulnerability class, not the symptom.
Best score counts.
// FIRST CONTACT
Battle teaser
Authenticated as user 1001, you request `GET /api/users/1002/invoices` and get 200 with user 1002's data. Vulnerability class?
- ASQL Injection
- BRate-limit bypass
- CBroken Object Level Authorization (BOLA/IDOR)
- DCross-Site Scripting
Answers, scoring, hints, and the full battle stay sealed.
// SKILL TAGS
securityowaspbolaxsssqlijwtbattle