How would you identify a vulnerability in a small provided application, exploit it, and then patch it?