SY0-301 · Question #496
Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?
The correct answer is A. Unexpected input. Fuzzing is a dynamic testing technique that feeds unexpected, random, or malformed input to an application to uncover crashes, vulnerabilities, and unhandled behavior.
Question
Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?
Options
- AUnexpected input
- BInvalid output
- CParameterized input
- DValid output
How the community answered
(64 responses)- A89% (57)
- B2% (1)
- C3% (2)
- D6% (4)
Why each option
Fuzzing is a dynamic testing technique that feeds unexpected, random, or malformed input to an application to uncover crashes, vulnerabilities, and unhandled behavior.
Fuzzing deliberately supplies unexpected, random, or malformed data to application inputs to observe how the software responds to edge cases and invalid conditions. This technique discovers security vulnerabilities such as buffer overflows, input validation flaws, and unhandled exceptions that might not surface during normal functional testing.
Fuzzing evaluates software behavior based on what is supplied as input and output is the observed result being analyzed, not the test condition being applied.
Parameterized input uses structured, expected values and is associated with normal functional testing or parameterized database queries, which is the opposite of fuzzing.
Valid output is the result of correct processing and is not a condition under which fuzzing operates, as fuzzing specifically aims to provoke abnormal or error output.
Concept tested: Fuzzing technique using unexpected input for vulnerability discovery
Source: https://owasp.org/www-community/Fuzzing
Topics
Community Discussion
No community discussion yet for this question.