CompTIA CySA+ (CS0-003) — Question 227
A company is launching a new application in its internal network, where internal customers can communicate with the service desk. The security team needs to ensure the application will be able to handle unexpected strings with anomalous formats without crashing. Which of the following processes is the most applicable for testing the application to find how it would behave in such a situation?
Answer options
- A. Fuzzing
- B. Coding review
- C. Debugging
- D. Static analysis
Correct answer: A
Explanation
Fuzzing is the most appropriate method in this case because it sends a large amount of random or unexpected data to the running application and observes how it handles such inputs, which identifies potential vulnerabilities. Coding review, debugging, and static analysis are valuable techniques, but they do not primarily focus on testing the application's response to anomalous input strings.