WGU (D487, KEO1) Secure Software Design Exam - Topic 4 Question 9 Discussion

Actual exam question for WGU's WGU (D487, KEO1) Secure Software Design exam
Question #: 9
Topic #: 4

The product development team is preparing for the production deployment of recent feature enhancements. One morning, they noticed the amount of test data grew exponentially overnight. Most fields were filled with random characters, but some structured query language was discovered.

Which type of security development lifecycle (SDL) tool was likely being used?

Suggested Answer: B

Comprehensive and Detailed In-Depth Explanation:

The scenario described indicates that the system was subjected to inputs containing random data and some structured query language (SQL) statements, leading to an exponential increase in test data. This behavior is characteristic of fuzzing, a testing technique used to identify vulnerabilities by inputting a wide range of random or unexpected data into the system.

Fuzzing aims to discover coding errors and security loopholes by bombarding the application with malformed or unexpected inputs, observing how the system responds. The presence of random characters and SQL statements suggests that the fuzzing tool was testing for vulnerabilities such as SQL injection by injecting various payloads into the system.

This approach is part of the Verification business function in the OWASP SAMM, specifically within the Security Testing practice. Security testing involves evaluating the software to identify vulnerabilities that could be exploited, and fuzzing is a common technique employed in this practice to ensure the robustness and security of the application.
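
The behaviour described above, as an added example that is not part of the original page: a small fuzz harness that feeds random strings, some with SQL fragments spliced in, to two hypothetical insert handlers backed by an in-memory SQLite table. The handler names, table, seed fragments and case count are assumptions made for the illustration.

```python
import random
import sqlite3
import string

# Constructed seed fragments (assumption): SQL metacharacters mixed into the noise.
SQL_SEEDS = ["'", "' OR '1'='1", "'; --", '" OR ""="']

def make_input(rng, max_len=24):
    """One fuzz case: random printable characters, sometimes with a SQL fragment spliced in."""
    noise = "".join(rng.choice(string.printable) for _ in range(rng.randint(0, max_len)))
    if rng.random() < 0.3:
        cut = rng.randint(0, len(noise))
        return noise[:cut] + rng.choice(SQL_SEEDS) + noise[cut:]
    return noise

def save_concat(db, name):
    # Hypothetical handler under test: statement built by string concatenation.
    db.execute("INSERT INTO customers(name) VALUES ('" + name + "')")

def save_param(db, name):
    # Hypothetical hardened handler: the value is bound, never parsed as SQL.
    db.execute("INSERT INTO customers(name) VALUES (?)", (name,))

def fuzz(handler, cases=500, seed=1):
    """Feed `cases` inputs to `handler`; return (rows_written, findings)."""
    rng = random.Random(seed)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers(name TEXT)")
    findings = []
    for _ in range(cases):
        value = make_input(rng)
        try:
            handler(db, value)
        except (sqlite3.Error, sqlite3.Warning) as exc:
            findings.append((value, type(exc).__name__))  # input reached the SQL parser
            continue
        stored = db.execute("SELECT name FROM customers ORDER BY rowid DESC LIMIT 1").fetchone()[0]
        if stored != value:
            findings.append((value, "stored value differs from input"))
    rows = db.execute("SELECT COUNT(*) FROM customers").fetchone()[0]
    return rows, findings

if __name__ == "__main__":
    for handler in (save_concat, save_param):
        rows, findings = fuzz(handler)
        print(handler.__name__, "rows:", rows, "findings:", len(findings))
```

The concatenating handler yields findings (SQL errors and values stored differently from what was sent), while the parameterized handler stores every input verbatim, which is also how a fuzzing run fills a test table with random-looking rows.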


OWASP SAMM: Verification - Security Testing

Contribute your Thoughts:

Cheryll
2 days ago
I'm not entirely sure, but I think dynamic analysis could also be a possibility since it deals with how the application behaves with inputs.
upvoted 0 times
Scot
7 days ago
I remember we discussed fuzzing in class, and it seems like it fits since the data was random and might have been used to test for vulnerabilities.
upvoted 0 times