Advanced Programming: Example Questions and Topics

Try to define what the following mean, with respect to software development:
- Robust
- Secure
(hint: answers in the lecture slides)

How can the following be improved/ensured?
- Robustness
- Security
- Efficiency
- Maintainability

Explain the errors that caused the Ariane 5 failure - what were the exact causes of the problem? E.g. read the relevant section of Wikipedia's article: http://en.wikipedia.org/wiki/Cluster_(spacecraft)#Launch_failure

Explain, in detail, how the Heartbleed vulnerability works. Lots of resources (including lecture notes) and see, e.g. http://www.theregister.co.uk/2014/04/09/heartbleed_explained/

Make sure you understand basic Python: lists, slice notation [2:3], etc., loops, etc.
- Write a Fibonacci sequence generator.
- Write a program that looks at a list and counts the number of elements that are greater than 5.
- Write a program that lists the first 50 prime numbers.
- What index number would you use to access "Bob" in this list: Names = ["Steve","Bob","Emma"]
- Or in this list: Names = [...unknown-length..."Bob","John","Sarah","Sophie"]
- Or access the last four items in this list: Heights = [1.2,1.32,1.02,1.19,1.21,1.41,1.02,1.09,1.22]

Regular expressions:
What matches: doddle, nodding, noddy, teddy, redden
But doesn't match: femto, frantic, dot, doodle, drift, trippy.
Play https://regex.alf.nu/ (hint: the answer to the first round is 'foo')

Write regexps which:
1. Match dates in the form:
   23rd March, 2012
   1st April, 1855
   30th May, 2122
   etc...
2. Match dates in the form:
   12/09/2014
   10/11/2011
   etc...
3. Match UK postcodes e.g. GL6 1AB, GU54 92ZC, AB2 23AZ, EH12 5RP, etc...
4. Match HTML tags.
5. Packet sniffing (looking for lines containing 'password')

Revise the stock control system. Revise Classes, Exceptions, methods and inheritance. Look at the answer to the Stock Control System.

Explain what an SQL injection attack is, and give an example of the SQL query that is vulnerable.
Give the malicious input which would abuse the vulnerability. How would you use the cur.execute function differently to avoid such an attack?

What are the SQL commands for CREATING, INSERTING, SELECTING, DELETING and UPDATING database rows? (For some of these you might have to look a bit further afield than just the lecture slides.)

Type the command for each of these situations:
- I'm in /var/log and I want to change directory to /home/mike (using absolute paths)
- I'm in /public/var/www/mike/main/drupal/sites/all/modules/sub/images and want to reach /public/var/www/mike/main/drupal/sites/all/default/images (using relative paths)
- I want to copy /etc/fstab to /home/mike
- I want to copy the whole of /etc to ~/temp_etc
- I want to move /var/log/apache/access.log to /var/log/apache/old.access.log
- I want to delete /tmp/oldjunk
- I want to list the contents of the current directory.
- I want to search this list for all files with a vowel in their name (hint: check out how to use the pipe command: a | b and the grep command)
- I want to search this list for all files with a vowel in their name, and only output the first 5 items (hint: check out the head and tail commands).
- I want to search /var/log/syslog for references of the word 'error' (hint: grep and pipe).
- I want to output the content of the file /home/mike/data
  answer: cat /home/mike/data
- I want to search this output for the word 'result'
  answer: cat /home/mike/data | grep 'result'
- I want to search THIS output for the word 'final'
  answer: cat /home/mike/data | grep 'result' | grep 'final'
- I want to delete all files that start with old in the current directory.
- I want to make a directory called 'new_folder'
- I want to recursively copy a directory called 'bob' to 'new_bob'
See The Linux Command Line (TLCL) pdf book.

Define
- HTTP
- Web server - a server-side computer program to distribute website files and run scripts.
- Web browser - a client-side program for rendering/displaying webpages
- Database server
- Linux
- Windows - an operating system
- Apache - a popular webserver
- XSS vulnerability (e.g. read http://en.wikipedia.org/wiki/Cross-site_scripting. How can they be avoided?)
- XML
- CSV
- Python
- PHP
- JSON
- SQLite
- LAMP
- MySQL
- PHP
- WebAPI

Extra stuff maybe useful for the exam:
Think about the SQL injection attack and how the associated vulnerability is more general: we need to ensure the user data is properly sanitised before we use it. For example: a webpage might get the user's id from a webform, and then use this in a call (using os.popen - look this up!) to the Linux 'users' command (look this up too) to see if they're currently logged in.
1) Write a program which does this.
2) How did you make it secure?
3) What could happen if you just take the user's raw web input in your program?
4) Can you write a malicious message which can exploit this vulnerability?
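
Added example, not part of the original question sheet: one way to approach the logged-in check described above so that the web form value never reaches a command line. The function names, the login-name pattern and the sample 'users' output are assumptions made for this illustration.

```python
import re
import subprocess

# Unsafe pattern this replaces (assumed shape, shown for contrast only):
#   os.popen("users | grep " + user_id)
# The form value becomes part of a shell command line there.

# Assumed policy for this example: plain lowercase login names, 1-32 chars.
_USER_ID = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def validate_user_id(user_id):
    """Return user_id if it is a plain login name, else raise ValueError."""
    if not isinstance(user_id, str) or not _USER_ID.fullmatch(user_id):
        raise ValueError("invalid user id")
    return user_id


def logged_in_users(users_output=None):
    """Return the set of names printed by the 'users' command.

    The command is a fixed argument list run without a shell, and it takes
    no argument derived from web input. Passing users_output (a string)
    skips the call, which lets the parsing be checked offline.
    """
    if users_output is None:
        result = subprocess.run(["users"], capture_output=True, text=True,
                                check=True, timeout=5)
        users_output = result.stdout
    return set(users_output.split())


def is_logged_in(user_id, users_output=None):
    """True if the validated user_id appears in the 'users' output."""
    name = validate_user_id(user_id)
    # The comparison happens in Python, never in a shell pipeline.
    return name in logged_in_users(users_output)


if __name__ == "__main__":
    sample = "mike mike emma\n"  # constructed 'users' output
    for candidate in ("mike", "bob", "mike;x"):
        try:
            print(repr(candidate), "->", is_logged_in(candidate, sample))
        except ValueError as exc:
            print(repr(candidate), "rejected:", exc)
```

The same two ideas carry over to the cur.execute question: keep user data out of the command or query text, and validate it against what a legitimate value looks like.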