In Flask, why should you always validate user input before processing it?
Think about what happens if bad data reaches your app unchecked.
Validating input helps stop harmful data, such as injected scripts or SQL commands, that attackers could use to compromise your app or steal information.
Consider a Flask app with forms but no CSRF protection. What risk does this create?
Think about what CSRF stands for and what it protects against.
Without CSRF protection, attackers can create fake requests that look like they come from users, causing unwanted actions like changing passwords or making purchases.
What security issue does this Flask route have?
    from flask import Flask, request

    app = Flask(__name__)

    @app.route('/delete', methods=['POST'])
    def delete_item():
        item_id = request.form['id']
        # Deletes item without checking user permissions
        # (delete_from_db is assumed to be defined elsewhere in the app)
        delete_from_db(item_id)
        return 'Deleted'
Think about what could happen if anyone can call this route.
The route deletes items without checking whether the caller is authenticated or authorized to do so. Anyone who can send a POST to this route, including an attacker, can delete data they should not have access to.
Choose the code that sets a cookie with security best practices in Flask.
Think about cookie flags that protect against theft and cross-site attacks.
Setting httponly, secure, and samesite flags helps protect cookies from being stolen or sent in unsafe ways.
Given this Flask code snippet, what will be the value of session['count'] after two requests?
    from flask import Flask, session

    app = Flask(__name__)
    app.secret_key = 'secret'

    @app.route('/')
    def index():
        session['count'] = session.get('count', 0) + 1
        return str(session['count'])

    # Assume two requests are made by the same client in order.
Remember Flask sessions keep data between requests for the same client.
The first request sets count to 1, the second increments it to 2, so the output is "2".