nerdexam
EC-Council

312-50V11 · Question #142

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

The correct answer is D. Fuzzing Testing. Fuzzing is a dynamic testing technique that feeds large volumes of random or malformed input into an application to uncover unexpected behavior, crashes, or injection vulnerabilities.

SQL Injection

Question

Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?

Options

  • AFunction Testing
  • BDynamic Testing
  • CStatic Testing
  • DFuzzing Testing

How the community answered

(59 responses)
  • A
    3% (2)
  • B
    2% (1)
  • C
    3% (2)
  • D
    92% (54)

Why each option

Fuzzing is a dynamic testing technique that feeds large volumes of random or malformed input into an application to uncover unexpected behavior, crashes, or injection vulnerabilities.

AFunction Testing

Function testing validates that a feature behaves according to its specification using defined, expected inputs rather than random data.

BDynamic Testing

Dynamic testing is a broad category that covers any testing performed by executing the program; fuzzing is a specific subset of it, so 'dynamic testing' alone does not identify the adaptive random-data technique described.

CStatic Testing

Static testing analyzes source code, binaries, or documentation without executing the application, which is the opposite of the runtime-observation method described.

DFuzzing TestingCorrect

Fuzzing (fuzz testing) directly matches the description: it inputs massive amounts of random or semi-random data into a target such as a SQL parser and monitors the output for anomalies, errors, or crashes. In the context of SQL injection testing, fuzzing helps discover unhandled input edge cases and coding errors that a structured test set might miss.

Concept tested: Fuzzing technique for SQL injection vulnerability discovery

Source: https://owasp.org/www-community/Fuzzing

Topics

#fuzzing#SQL injection testing#dynamic testing#random data input

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice