Mr Ethan is implementing Fuzzing in his web application. Which steps has to be followed for implementing Fuzzing in his application? A) Identify Target software's/systems B) Generate Fuzz Data C) Execute test using Fuzzer D) Observe software behavior E) Review Fuzzer and software Logs F) Identify software Inputs Choose exactly CORRECT option.
Answers
Answer:
Advantages of Fuzz Testing
Fuzz testing improves software Security Testing.
Bugs found in fuzzing are sometimes severe and most of the time used by hackers including crashes, memory leak, unhandled exception, etc.
If any of the bugs fail to get noticed by the testers due to the limitation of time and resources those bugs are also found in Fuzz testing.
Disadvantages of Fuzz Testing
Fuzz testing alone cannot provide a complete picture of an overall security threat or bugs.
Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as some viruses, worms, Trojan, etc.
Fuzz testing can detect only simple faults or threats.
To perform effectively, it will require significant time.
Setting a boundary value condition with random inputs is very problematic but now using deterministic algorithms based on users inputs most of the testers solve this problem.
Explanation:
Answer:
First recognition the system target and inputs. Fuzzed data Generation and fuzzer is using the excute test data.
Explanation:
Step 1: Recognition of the target system.
Step 2: Recognition of the inputs.
Step 3: Generate Fuzz data.
Step 4: Test Execution using fuzzy data.
Step 5: System behavior Monitoring.
Step 6: Logging of defects.
#SPJ3