This form of testing is known as Fuzzing. Fuzzing (or fuzz testing) is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
In the CEH v13 courseware and study guide:
Module 6: Malware Threats
Subsection: Malware Analysis and Reverse Engineering Techniques
CEH v13 Official Study Guide and iLabs Practical
The CEH v13 guide states:
“Fuzzing is used as a software testing technique that involves sending malformed or unexpected inputs to an application in order to detect vulnerabilities such as buffer overflows, crashes, or unexpected behavior. It is particularly useful during vulnerability assessments and exploit development.”
Thus, Fuzzing helps identify vulnerabilities due to improper input validation and is widely used in vulnerability discovery and exploit testing.
Incorrect Options:
A. Randomizing: Not a recognized security testing method.
B. Bounding: Refers to setting limits or constraints; not relevant here.
C. Mutating: Can be part of fuzzing (mutation-based fuzzing), but not the umbrella term.
[Reference:CEH v13 Study Guide – Module 6, Malware Threats, Page on “Fuzz Testing”CEH v13 iLabs – Malware Threats Lab → Section on Vulnerability Discovery Using Fuzzers, ======, , ]
Submit