An IT security technician is actively involved in identifying coding issues for her company.
Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?
A.
Vulnerability scanning
B.
Denial of service
C.
Fuzzing
D.
Port scanning
Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then
monitored for exceptions such as crashes, or failed validation, or memory leaks.Incorrect Answers:
A: Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. It does not identify unknown weaknesses in code.
B: Denial of Service (DoS) attacks web-based attacks that exploit flaws in the operating system, applications, services, or protocols. These attacks can be
mitigated by means of firewalls, routers, and intrusion detection systems (IDSs) that detect DoS traffic, disabling echo replies on external systems, disabling
broadcast features on border systems, blocking spoofed packets on the network, and proper patch management.
D: Port scanning is used by hackers to detect the presence of active services that are assigned to a TCP/UDP port. This is a network-based attack rather than an
attack that exploits coding weaknesses, which are aspects of application development.http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 342
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 24, 170-172, 211, 229