Which of the following security concepts identifies input variables which are then used to perform boundary testing?
A. Application baseline
B. Application hardening
C. Secure coding
D. Fuzzing
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then
monitored for exceptions such as crashes, failed validation, or memory leaks.
Incorrect Answers:
A: An application baseline defines the level of security that will be implemented and maintained for the application. A low baseline implements almost no security
while a high baseline does not allow users to make changes to the application.
B: Application hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes
removing unnecessary functions and features, removing unnecessary usernames or logins, and disabling unnecessary services.
C: Proper and secure coding can prevent many attacks, including cross-site scripting, SQL injection and buffer overflows.
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218-219, 226
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p 229