nerdexam
EC-Council

312-50V10 · Question #142

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

The correct answer is D. Fuzzing Testing. Fuzzing is an adaptive testing technique that sends massive amounts of random or malformed data as input to discover vulnerabilities, crashes, or unexpected behavior in an application.

SQL Injection

Question

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Options

  • AFunction Testing
  • BDynamic Testing
  • CStatic Testing
  • DFuzzing Testing

How the community answered

(49 responses)
  • A
    2% (1)
  • B
    6% (3)
  • C
    2% (1)
  • D
    90% (44)

Why each option

Fuzzing is an adaptive testing technique that sends massive amounts of random or malformed data as input to discover vulnerabilities, crashes, or unexpected behavior in an application.

AFunction Testing

Function testing validates that specific application functions meet defined requirements using expected inputs, not random or massive data volumes.

BDynamic Testing

Dynamic testing refers broadly to executing the application to observe its behavior, but it does not specifically describe the technique of injecting large amounts of random data.

CStatic Testing

Static testing analyzes source code, documentation, or binaries without executing the program, making it unable to observe runtime output changes from random inputs.

DFuzzing TestingCorrect

Fuzzing (fuzz testing) is specifically defined as the practice of submitting large volumes of random, malformed, or unexpected data to an application to observe how it responds. In the context of SQL injection testing, fuzzers generate varied malicious payloads to uncover input validation flaws and coding errors that static or structured tests might miss.

Concept tested: Fuzz testing for SQL injection discovery

Source: https://owasp.org/www-community/Fuzzing

Topics

#fuzzing#SQL injection testing#dynamic testing#input validation

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice