Last week, we worked on finding and fixing security flaws in the database. This week we will do the same with the web client and web service. We need to address the following problems:

• Add generic error pages.
• Create an allow list for all of the files that make up our AJAX client.
• Ensure that the user does not have the opportunity to manipulate the price of the products they are purchasing.
• Check for XSS vulnerabilities.
• Add transport encryption (HTTPS) to our web server.
• Prevent any sensitive customer data from being stored in the session storage.

We will also show you how to package up your application into a standalone system that can be used by customers to evaluate your system. This is not security related, but is a topic that is useful to know.