312-50V11 · Question #142
Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?
The correct answer is D. Fuzzing Testing. Fuzzing is a dynamic testing technique that feeds large volumes of random or malformed input into an application to uncover unexpected behavior, crashes, or injection vulnerabilities.
Question
Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?
Options
- AFunction Testing
- BDynamic Testing
- CStatic Testing
- DFuzzing Testing
How the community answered
(59 responses)- A3% (2)
- B2% (1)
- C3% (2)
- D92% (54)
Why each option
Fuzzing is a dynamic testing technique that feeds large volumes of random or malformed input into an application to uncover unexpected behavior, crashes, or injection vulnerabilities.
Function testing validates that a feature behaves according to its specification using defined, expected inputs rather than random data.
Dynamic testing is a broad category that covers any testing performed by executing the program; fuzzing is a specific subset of it, so 'dynamic testing' alone does not identify the adaptive random-data technique described.
Static testing analyzes source code, binaries, or documentation without executing the application, which is the opposite of the runtime-observation method described.
Fuzzing (fuzz testing) directly matches the description: it inputs massive amounts of random or semi-random data into a target such as a SQL parser and monitors the output for anomalies, errors, or crashes. In the context of SQL injection testing, fuzzing helps discover unhandled input edge cases and coding errors that a structured test set might miss.
Concept tested: Fuzzing technique for SQL injection vulnerability discovery
Source: https://owasp.org/www-community/Fuzzing
Topics
Community Discussion
No community discussion yet for this question.