Question:

21. Given the program (slide 8, Lecture 3), explain what is the vulnerability in the code, what was the bug produced from the vulnerability and in which software?
22. How did the attacker exploit the bug (question 21)?
23. How do you think we could have fixed the bug from the program (slide 5, Lecture 3)?
24. Given the following printf statements, mention whether it is vulnerable to format string and if yes, how to fix it. (Examples: slides 14, 15, 16, 17, 18.)
25. What would be the output of the following printf? (slide 18)
26. Mention three attacks that are possible by exploiting format string vulnerability.
27. Given the following program, mention whether it is vulnerable to integer overflow, and whether it can cause buffer overflow. (Example: slide 25, assuming malloc's parameter data type is a 4-bit unsigned integer, and sizeof(long) = 4, and number_of_values = 5.)
28. Mention three recommendations to avoid integer overflow.
29. What are the three parts of a URL?
30. What is the main difference between GET and POST request?
31. What is the referrer field in the HTTP request header?
32. Status code is contained in the GET request / POST request / Response?
33. Show how you will attack the website (slide 18) using SQL injection attack:
    a. Login as Bob without knowing his password.
    b. Login without knowing any username and password.
    c. Login as Bob and delete the Users table.
