1. A developer's automated build pipeline runs a security scan on every code commit. After one commit, the scan flags line 203 as using a function that performs no bounds checking on the destination buffer, recommending a safer alternative.
2. A web application rejects any username containing single quotes, double dashes, or semicolons, returns an error message asking the user to re-enter valid characters, and normalizes all input by decoding percent-encoded characters before applying the character check.
3. A mobile gaming app has been granted permission to use the device's display and speakers. When the app is compromised through a malicious in-game ad, the attacker can manipulate the game but cannot read the user's contact list, access their photos, or interact with other installed applications.
4. Before a software installer executes, the operating system uses the application's attached certificate (issued by a trusted CA) and the developer's public key to verify that the installer binary matches the hash the developer computed when they released it.