Question

An application has been through pureview and regression testing and it's prepared for release. A security engineer is asked to analyze an application binary to look for potential vulnerabilities prior to wide release. After thoroughly analyzing an application to engineer informs the developer they should include additional input sanitation in the application to prevent overflow. Which of the following tools did the security engineer most likely used to determine this recommendation?

1. Fuzzing

2. HTTP interceptor

3. vulnerability scanner

4. SCAP scanner

Answer 1

1. Fuzzing:

Fuzzing is actually quality assurance technique. It is used to discover coding errors and security loopholes in software, operating systems or networks. It is also called Fuzz testing. It will input massive amounts of data, which is called fuzz, to the test subject in an attempt to make it crash. If a vulnerability is found, a software tool called a fuzzer can be used to identify potential causes.

Fuzzers work best for discovering vulnerabilities that can be exploited by buffer overflow, DOS (denial of service), cross-site scripting and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time.

Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.

2. Interceptors:

Interceptors allow us to intercept incoming or outgoing HTTP requests using the HttpClient . We can modify or change the value of the request bu using interceptors

3. Vulnerability scanner

These scanners are used to discover the weaknesses of a given system. It is a computer program designed to assess computers, networks or applications for known weaknesses. A vulnerability scanner will send special kind of data to your website which is similar to the type of data that a malicious hacker would send. However, it does it in a safe way. If the response from your website or web application shows that it can be hacked, the vulnerability scanner reports it to you and tells you how to fix it.

One of the vulnerability scanner is Acunetix

4.SCAP scanner

There is always a chance to face vulnerabilities in our system and Leaving our systems with these vulnerabilities can have a number of consequences, ranging from embarrassment to heavy damage when a vulnerability is exploited by an attacker. SCAP is a technique that is used for automated vulnerability checking, allowing you to take steps to prevent attacks before they happen.

From this, as a security engineer, I would suggest a vulnerability scanner because A vulnerability scanner not only detects and classifies system weaknesses in computers, networks, and communications equipment but also predicts the effectiveness of countermeasures.

Please upvote