Qwestrum Engineering360 · IT & Software · Web Technologies
Web Security Basics
Web security defends against common attacks — XSS (injected scripts), CSRF (forged requests), SQL injection (malicious input) — using output sanitisation, anti-forgery tokens, parameterised queries, and TLS for confidentiality.
Exam tip: keep SI units consistent end-to-end, write the governing relation symbolically before substituting, and sanity-check magnitude and sign.
Key formulas & points
Skim these first — then read the full notes below.
- XSS: sanitise output; a Content Security Policy restricts script sources
- CSRF: use SameSite cookies or anti-forgery tokens
- SQL injection is prevented by parameterised queries
Topic details
Introduction
This topic covers protecting web applications. You study the major OWASP attack classes and their defences, how HTTPS secures data in transit, how CORS governs cross-origin requests, and how tokens like JWT carry authenticated identity.
Key relations & formulas
Formulas (Indian textbook notation)
Formulas (Indian textbook notation)
Formulas (Indian textbook notation)
Notation and sign conventions
Relation 1 —
Formulas (Indian textbook notation)
Write this relation with symbols exactly as in Deitel Web Dev — Standard reference before substituting numbers. Examiners award partial marks for a correct setup even when arithmetic slips.
Relation 2 —
Formulas (Indian textbook notation)
Write this relation with symbols exactly as in Deitel Web Dev — Standard reference before substituting numbers. Examiners award partial marks for a correct setup even when arithmetic slips.
Relation 3 —
Formulas (Indian textbook notation)
Write this relation with symbols exactly as in Deitel Web Dev — Standard reference before substituting numbers. Examiners award partial marks for a correct setup even when arithmetic slips.
Concept in depth
Most web vulnerabilities come from trusting untrusted input. Cross-site scripting injects attacker script into pages, defeated by escaping output and a content security policy that whitelists script sources. Cross-site request forgery tricks a logged-in user’s browser into sending an unwanted request, blocked by SameSite cookies or unpredictable anti-forgery tokens that the attacker cannot supply. SQL injection smuggles commands through input, prevented entirely by parameterised queries that keep data separate from code. Underlying confidentiality comes from HTTPS, whose TLS handshake negotiates symmetric session keys so traffic cannot be read or tampered with in transit, while CORS controls which origins a browser lets a page contact.
Assumptions and validity limits
State assumptions explicitly before using any relation for web security basics — steady state, uniform properties, linear elastic material, ideal gas, incompressible flow, etc., as applicable.
Wrong assumptions invalidate the entire solution even when the formula is correct. In Web Technologies viva and GATE descriptive questions, listing valid assumptions often earns separate marks.
Step-by-step problem approach
1. Read the question and list given data with SI units (common in Web Technologies papers).
2. Draw a neat labelled diagram where applicable — examiners in Indian universities award diagram marks even when arithmetic slips.
3. Identify which relation from this topic applies to web security basics.
4. Use equation 1:
5. Use equation 2:
6. Substitute values, compute, and verify units and sign (direction).
7. State conclusion in one line — e.g. safe/unsafe, stable/unstable, feasible/infeasible.
2. Draw a neat labelled diagram where applicable — examiners in Indian universities award diagram marks even when arithmetic slips.
3. Identify which relation from this topic applies to web security basics.
4. Use equation 1:
.
5. Use equation 2:
.
6. Substitute values, compute, and verify units and sign (direction).
7. State conclusion in one line — e.g. safe/unsafe, stable/unstable, feasible/infeasible.
Applications & exam relevance
Web Security Basics appears in web apps and REST APIs. In Indian it software curricula this topic is tested because it connects theory to front-end and back-end web stack.
GATE and semester exams often combine web security basics with earlier units — revise prerequisites before attempting mixed problems.
Industry interview panels sometimes ask: "Where did you use web security basics?" — answer with a lab, mini-project, or plant visit example if possible.
Common mistakes in exams
Students confuse XSS (script injection into the page) with CSRF (forged cross-site requests), think escaping input alone stops SQL injection (use parameterised queries), and assume HTTPS also prevents application-layer attacks like XSS (it does not). Misreading how SameSite cookies mitigate CSRF is common.
Quick revision checklist
Before attempting web security basics problems, confirm you can:
1. XSS: sanitise output; a Content Security Policy restricts script sources
2. CSRF: use SameSite cookies or anti-forgery tokens
3. SQL injection is prevented by parameterised queries
2. CSRF: use SameSite cookies or anti-forgery tokens
3. SQL injection is prevented by parameterised queries
Revise the solved examples in Deitel Web Dev — Standard reference and one previous-year GATE or university paper for this unit.
Worked examples
Try the problem first — open the solution when you are ready to check.
Preventing SQL injection
Problem
A login query concatenates user input: "SELECT * FROM users WHERE name='" + input + "'". Why is this unsafe and what is the fix?
Solution
Input like ' OR '1'='1 alters the query logic to always match. The fix is a parameterised (prepared) query with a bound parameter, so the input is treated strictly as data, never as SQL.
Conceptual check — Web Security Basics
Problem
In a Web Technologies semester or GATE paper you are asked: "State the main assumption, the governing relation, and one practical consequence of web security basics." What should a complete answer include?
Exams & GATE
List the OWASP Top 10 categories for viva and GATE IT.
📖 Standard books (India)
Deitel Web Dev — Standard reference
Read: Syllabus unit
Referenced in Indian B.Tech syllabus
Explore related topics
See real it & software careers
After exams and interviews, see how engineers actually built careers — milestones and decisions from people in the field.