nerdexam
CompTIA

SY0-301 · Question #496

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

The correct answer is A. Unexpected input. Fuzzing is a dynamic testing technique that feeds unexpected, random, or malformed input to an application to uncover crashes, vulnerabilities, and unhandled behavior.

Security operations

Question

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

Options

  • AUnexpected input
  • BInvalid output
  • CParameterized input
  • DValid output

How the community answered

(64 responses)
  • A
    89% (57)
  • B
    2% (1)
  • C
    3% (2)
  • D
    6% (4)

Why each option

Fuzzing is a dynamic testing technique that feeds unexpected, random, or malformed input to an application to uncover crashes, vulnerabilities, and unhandled behavior.

AUnexpected inputCorrect

Fuzzing deliberately supplies unexpected, random, or malformed data to application inputs to observe how the software responds to edge cases and invalid conditions. This technique discovers security vulnerabilities such as buffer overflows, input validation flaws, and unhandled exceptions that might not surface during normal functional testing.

BInvalid output

Fuzzing evaluates software behavior based on what is supplied as input and output is the observed result being analyzed, not the test condition being applied.

CParameterized input

Parameterized input uses structured, expected values and is associated with normal functional testing or parameterized database queries, which is the opposite of fuzzing.

DValid output

Valid output is the result of correct processing and is not a condition under which fuzzing operates, as fuzzing specifically aims to provoke abnormal or error output.

Concept tested: Fuzzing technique using unexpected input for vulnerability discovery

Source: https://owasp.org/www-community/Fuzzing

Topics

#fuzzing#application testing#unexpected input#software security

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice