Machine Problem 3

Group Members: Deen, Ligero, Torres

Web applications, even simple ones, can carry serious security flaws that are easy to miss during development. In this article, I'll walk through five vulnerabilities I identified and patched in a small Flask/SQLite app featuring a login page and a user posts feed. The fixes are straightforward, but the impact of leaving them unaddressed can be severe.

Stack: Python, Flask, SQLite3

Vulnerabilities covered: SQL Injection, Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), Insecure Cookie Attributes

Finding 1: SQL Injection — Login Bypass

Severity: Critical
Affected file: app.py — login() POST handler

The Problem

The login query was built by directly concatenating raw form input into a SQL string:

    res = cur.execute("SELECT id FROM users WHERE username = '" + request.form["username"] + "' AND password = '" + request.…
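
The concatenation pattern from Finding 1 next to a parameterized query, run against the same regression inputs. This is an added example, not the app's own code: the in-memory table, the sample rows and the function names `login_concat`, `login_param` and `failures` are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the app's users table (constructed sample data)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct-horse')")
    con.commit()
    return con

def login_concat(con, username, password):
    """Pattern from the finding: input is concatenated into the SQL text."""
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    try:
        return con.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # a stray quote in the input can make the statement invalid

def login_param(con, username, password):
    """Hardened form: the SQL text is constant and values are bound as parameters."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()

# Constructed regression inputs: (username, password, should_authenticate).
# The plaintext password column mirrors the query on the page and is kept
# only to isolate the injection fix.
CASES = [
    ("alice", "correct-horse", True),   # valid credentials
    ("alice", "wrong", False),          # wrong password
    ("alice", "' OR '1'='1", False),    # quote characters must stay data
    ("o'brien", "x", False),            # ordinary name that contains a quote
]

def failures(login):
    """Return the (username, password) cases whose outcome differs from expected."""
    con = make_db()
    return [(u, p) for u, p, want in CASES
            if (login(con, u, p) is not None) != want]

if __name__ == "__main__":
    print("concatenated :", failures(login_concat))
    print("parameterized:", failures(login_param))
```

A check like `failures` fits in the app's test suite so that a later change back to string-built SQL is caught before release.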