- Username Enumeration: Green Website. The developer set the text "Login in was unsuccessful" to bold for an existing user but did not for a user that did not exist.
- Insecure Direct Object Reference: Red. The other two sites probably checked if the current user had access to view data on certain salespeople.
- SQL Injection: Blue.
- Cross-site Scripting: Green.
- Cross-Site Request Forgery: Red.
- Session Hijacking/Fixation: Blue.
GIF Here:
For CSRF:
Bonus Objective 2a:
