Merge pull request #16 from lukasz-a-krol/main

lukasz-a-krol · web-flow · commit 2dee8ec94b53 · 2024-08-15T14:37:02.000+02:00
trying out a new system for hiding answers
diff --git a/content/learning-path/4/module-2.en.md b/content/learning-path/4/module-2.en.md
@@ -376,35 +376,7 @@ B) Enhanced user experience\
 C) Vulnerability to SQL injection attacks\
 D) Improved data integrity
 
-**Question 2**
-
-Which of the following is an effective mechanism for preventing cross-site scripting (XSS) attacks in web applications?
-
-A) Using plaintext for storing sensitive data\
-B) Escaping user input before displaying it\
-C) Storing user passwords in plain text\
-D) Disabling HTTPS encryption
-
-**Question 3**
-
-Which technique is effective in preventing SQL injection attacks in web applications?
-
-A) Using dynamic SQL queries\
-B) Employing input sanitization and parameterized queries\
-C) Storing sensitive data in plain text\
-D) Disabling error messages
-
-**Question 4**
-
-Which of the following statements best explains how proper data validation helps prevent command injection attacks in web application security?
-
-A) Data validation restricts the input to predefined characters and patterns, thereby minimizing the likelihood of malicious commands being injected into the application.\
-B) Proper validation techniques, such as input sanitization and parameterized queries, help neutralize malicious commands embedded in user inputs, thereby mitigating command injection vulnerabilities.\
-C) Implementing validation methods like input length checks and whitelisting of acceptable characters reduces the attack surface and prevents execution of unauthorized commands within the web application.\
-D) All of the above.
-
-### Answer key
-
+{{< question title="Answer and explanation" >}}
 **Question 1 correct answer**: C) Vulnerability to SQL injection attacks
 
 Explanation:
@@ -413,8 +385,18 @@ A) Incorrect. Failing to implement proper data validation typically does not lea
 B) Incorrect. While proper data validation contributes to a better user experience by preventing errors, its absence does not enhance user experience.\
 C) Correct. Without proper data validation, web applications are vulnerable to SQL injection attacks, where attackers can manipulate database queries by injecting malicious SQL code.\
 D) Incorrect. Data validation helps maintain data integrity, but its absence does not improve data integrity*.
-*
+{{< /question >}}
 
+**Question 2**
+
+Which of the following is an effective mechanism for preventing cross-site scripting (XSS) attacks in web applications?
+
+A) Using plaintext for storing sensitive data\
+B) Escaping user input before displaying it\
+C) Storing user passwords in plain text\
+D) Disabling HTTPS encryption
+
+{{< question title="Answer and explanation" >}}
 **Question 2 Correct Answer**: B) Escaping user input before displaying it
 
 Explanation:
@@ -423,7 +405,18 @@ A) Incorrect. Using plaintext for storing sensitive data does not prevent XSS at
 B) Correct. Escaping user input before displaying it helps mitigate XSS attacks by rendering any potentially malicious scripts harmless, thereby preventing them from executing in users' browsers.\
 C) Incorrect. Storing user passwords in plaintext is a security risk and unrelated to preventing XSS attacks.\
 D) Incorrect. Disabling HTTPS encryption exposes sensitive data to interception and does not prevent XSS attacks.
+{{< /question >}}
+
+**Question 3**
 
+Which technique is effective in preventing SQL injection attacks in web applications?
+
+A) Using dynamic SQL queries\
+B) Employing input sanitization and parameterized queries\
+C) Storing sensitive data in plain text\
+D) Disabling error messages
+
+{{< question title="Answer and explanation" >}}
 **Question 3 Correct Answer**: B) Employing input sanitization and parameterized queries
 
 Explanation:
@@ -432,8 +425,20 @@ A) Incorrect. Using dynamic SQL queries without proper input validation and sani
 B) Correct. Employing input sanitization and parameterized queries helps prevent SQL injection attacks by ensuring that user input is treated as data rather than executable code, thus neutralizing malicious SQL injection attempts.\
 C) Incorrect. Storing sensitive data in plain text increases the risk of data exposure but does not directly prevent SQL injection attacks.\
 D) Incorrect. Disabling error messages may hide potential vulnerabilities from attackers but does not address the root cause of SQL injection vulnerabilities.
+{{< /question >}}
+
+**Question 4**
+
+Which of the following statements best explains how proper data validation helps prevent command injection attacks in web application security?
+
+A) Data validation restricts the input to predefined characters and patterns, thereby minimizing the likelihood of malicious commands being injected into the application.\
+B) Proper validation techniques, such as input sanitization and parameterized queries, help neutralize malicious commands embedded in user inputs, thereby mitigating command injection vulnerabilities.\
+C) Implementing validation methods like input length checks and whitelisting of acceptable characters reduces the attack surface and prevents execution of unauthorized commands within the web application.\
+D) All of the above.
 
+{{< question title="Answer" >}}
 **Question 4 Correct Answer**: D) All of the above.
+{{< /question >}}
 
 ## Learning Resources
 
