A particular web application operation accepts an image upload. The logged-in user provides a user ID, an image name, a brief description and the preferred image size (height and width).

Explain what checks the server-side function should perform (in general terms; code is not needed) before attempting to process the submission.
Provide an example of activity logging that would require additional security concerns to be addressed, and why.
Explain a coding technique that can be used to protect against Cross-Site Scripting vulnerabilities.
Explain a coding technique that can be used to protect against SQL insertion.
Explain how the ViewState field or a CSRF token helps protect against Cross-Site Request Forgery.

Solution

The server side should check whether null constraints apply to any of these fields and, moreover, whether the image size has already been given for the upload. If a check fails, the server should show a general message for the related exception that a naive user can understand.

Provide an example of activity logging that would require additional security concerns to be addressed.

Being secure is not a sometimes thing, but an ongoing process. You aren't secure because you use a particular tool; you are secure because you apply a security mindset every day. As an example, take login with Facebook: Facebook must disable the browser's save-password functionality, because by doing so no outsider would be able to enter your timeline.

Explain a coding technique that can be used to protect against Cross-Site Scripting vulnerabilities.

1. Safely validating untrusted HTML input
2. Cookie security
3. Disabling scripts

Explain a coding technique that can be used to protect against SQL insertion.

1. Using prepared statements. The use of prepared statements with variable binding is how all developers should first be taught how to write database queries.
2. Using stored procedures
3. Using whitelist input validation
4. Least privilege

Explain how the ViewState field or a CSRF token helps protect against Cross-Site Request Forgery.

The CSRF token is added as a hidden field for forms, or within the URL if the state-changing operation occurs via a GET. The server rejects the requested action if the CSRF token fails validation.
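
An added example, not part of the original solution: a minimal Python sketch of the hidden-field CSRF token described above, where the server issues a token, embeds it in the form, and rejects the request when validation fails. Binding the token to the session with an HMAC is one common design and is an assumption here, as are the names SERVER_KEY, csrf_token and all function names.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: a secret that never leaves the server (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    """HMAC over the session id and nonce, so a token is only valid for its own session."""
    msg = f"{session_id}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Return 'nonce.mac' for the given session."""
    nonce = secrets.token_hex(16)  # 32 hex characters
    return f"{nonce}.{_mac(session_id, nonce)}"


def hidden_field(token: str) -> str:
    """Render the token as the hidden form field the browser posts back."""
    value = html.escape(token, quote=True)
    return f'<input type="hidden" name="csrf_token" value="{value}">'


def validate_csrf_token(session_id: str, submitted) -> bool:
    """Accept only a well-formed token that was issued for this session."""
    if not isinstance(submitted, str) or submitted.count(".") != 1:
        return False
    nonce, mac_hex = submitted.split(".")
    # Enforce the nonce format so the '|' separator cannot be smuggled in.
    if len(nonce) != 32 or any(c not in "0123456789abcdef" for c in nonce):
        return False
    expected = _mac(session_id, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), mac_hex.encode())


def handle_post(session_id: str, form: dict) -> int:
    """Hypothetical state-changing handler: 403 unless the token validates."""
    if not validate_csrf_token(session_id, form.get("csrf_token")):
        return 403
    return 200
```

A cross-site page can make the victim's browser send the session cookie, but it cannot read the form to learn the token, so its forged request arrives without a valid csrf_token and gets the 403.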