312-50V13 · Question #71
To determine if a software program properly handles a wide range of invalid input, a form of automated testing can be used to randomly generate invalid input in an attempt to crash the program. What t
The correct answer is D. Fuzzing. Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as input to a computer program to expose software bugs, memory leaks, or security vulnerabilities, often leading to crashes. This method is particularly effective for te
Question
Options
- ARandomizing
- BBounding
- CMutating
- DFuzzing
How the community answered
(14 responses)- A7% (1)
- D93% (13)
Why each option
Fuzzing is an automated software testing technique that involves providing invalid, unexpected, or random data as input to a computer program to expose software bugs, memory leaks, or security vulnerabilities, often leading to crashes. This method is particularly effective for testing how a program handles a wide range of improper inputs.
Randomizing is a general term for making something random and does not specifically refer to the automated testing process of generating invalid input to crash a program.
Bounding refers to testing at the boundaries or limits of input ranges (e.g., minimum, maximum values) to ensure correct handling, rather than specifically generating random invalid inputs to induce crashes.
Mutating typically refers to altering existing test cases slightly to create new ones, or in a security context, modifying known malicious input to create variants, rather than generating entirely new random invalid input for robustness testing.
Fuzzing is a testing technique that systematically injects malformed, unexpected, or random data (fuzz) into a computer program's inputs to discover software defects, such as crashes, memory leaks, or assertion failures, which often indicate underlying security vulnerabilities. It directly aligns with determining how a program handles a wide range of invalid input.
Concept tested: Fuzzing for vulnerability testing
Source: https://learn.microsoft.com/en-us/security/engineering/fuzzing
Topics
Community Discussion
No community discussion yet for this question.