Which of the following application security principles involves inputting random data into a program?
A. Brute force attack
D. Buffer overflow
Correct Answer: C
Section: Application, Data and Host Security
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions
such as crashes, or failed validation, or memory leaks.
A: A Brute force attack consists of systematically checking all possible keys or passwords until a match is found.
B: A sniffer is a passive network monitoring tool that provides information of network traffic in real-time. They are used for troubleshooting purposes, but can also be used by attackers
to determine what protocols and systems are running on a network.
D: Buffer overflow is an exploit at programming error, bugs and flaws. It occurs when an application receives more data than it is programmed to handle. This may cause the
application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary
access to privileged levels in the system, while overwriting can cause important data to be lost.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 66, 218, 257, 338
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 18, 197, 229, 319