Which of the following describes purposefully injecting…

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?

A.
Input validation

B.
Exception handling

C.
Application hardening

D.
Fuzzing

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then
monitored for exceptions such as crashes, or failed validation, or memory leaks.
Incorrect Answers:
A: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks
every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
B: Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by
the programmer, and should capture errors and exceptions so that they could be handled by the application.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing
unnecessary functions and features, removing unnecessary usernames or logins and disabling unnecessary services.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 257
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229, 230, 319



Leave a Reply 0

Your email address will not be published. Required fields are marked *