PrepAway - Latest Free Exam Questions & Answers

Which of the following is a software vulnerability that can be avoided by using input validation?

A. Buffer overflow

B. Application fuzzing

C. Incorrect input

D. Error handling

10 Comments on “Which of the following is a software vulnerability that can be avoided by using input validation?”

  1. Xov says:

    (-) Buffer overflow
    Threat Not a Vulnerability
    (-) Application fuzzing
    This is a form of testing
    (X) Incorrect input
    This is the underlying vulnerability that would allow for a buffer overflow and would be exposed in fuzzing.
    (-) Error handling
    Helps avoid unpredictable states
  2. Lake says:

    Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.

    Buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost. Proper error and exception handling and input validation will help prevent buffer overflow exploits.

    Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.

    Incorrect input is NOT considered a software vulnerability. Imagine I type my credit card number by mistake in the credit card column. Is it considered a software vulnerability?

    Error handling is an aspect of secure coding. When errors occur, the system should revert to a secure state. This must be coded into the system, and should include error and exception handling.

    This is an ambiguous question because there are two correct answers: Buffer overflow and Application fuzzing. If I must pick one, I would pick Buffer overflow because it is more common. However, the author picks C and it is definitely wrong.
  3. SuperMario says:

    For me the answer is A: Buffer overflow.
    C: Incorrect input, for me, is a red herring.

    C gives the impression of being an input validation error, but it is in fact a testing and/or hacking technique which could lead to an error or exploit.
    This means that “incorrect input”, at the end of the day, is not a software vulnerability as such.
    At the end of the day a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer’s boundary and overwrites adjacent memory locations.
    A buffer overflow can occur inadvertently, but it can also be caused by a malicious actor sending carefully crafted input to a program that then attempts to store the input in a buffer that isn’t large enough for that input. If the excess data is written to the adjacent buffer, it overwrites any data held there.

    In other words, incorrect input is an action which can lead to an input validation error, such as a buffer overflow.
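Lake's comment describes input validation as a length and character-type check applied before the input is processed, and SuperMario's comment describes the buffer overflow it is meant to prevent. The following C function, an added example and not code from the page or its commenters, shows that validate-then-copy pattern for a fixed-size buffer: the size `NAME_MAX`, the allowed character set and the function name are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16  /* assumed fixed buffer size, including the NUL terminator */

/* Validate, then copy. Input that is empty, longer than the buffer can hold,
 * or contains characters outside [A-Za-z0-9_] is rejected before any byte is
 * written, so the fixed-size destination can never be overrun.
 * Returns true on success; on failure dst is left as an empty string. */
bool copy_username(char dst[NAME_MAX], const char *src)
{
    dst[0] = '\0';

    /* Length check: scan at most NAME_MAX bytes so an unterminated or
     * oversized input is caught without reading past the limit. */
    size_t len = 0;
    while (len < NAME_MAX && src[len] != '\0') {
        len++;
    }
    if (len == 0 || len == NAME_MAX) {   /* empty, or no room for the terminator */
        return false;
    }

    /* Character-type check: only the constructed allow-list is accepted. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '_') {
            return false;
        }
    }

    memcpy(dst, src, len + 1);           /* len + 1 copies the terminator too */
    return true;
}

int main(void)
{
    /* Constructed sample inputs: one valid, one too long, one with bad characters. */
    const char *inputs[] = { "alice_01",
                             "this_name_is_far_too_long_for_the_buffer",
                             "bad name!" };
    char name[NAME_MAX];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        bool ok = copy_username(name, inputs[i]);
        printf("%-42s -> %s\n", inputs[i], ok ? name : "(rejected)");
    }
    return 0;
}
```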