Jump to content



Photo

Re: Security+ Question


  • Please log in to reply
2 replies to this topic

#1 netsurfer802

netsurfer802

    Neowinian

  • Joined: 27-September 10

Posted 14 January 2013 - 01:25

Can somebody think of a real life example of this?


Which of the following is another name for fizzing third party proprietary software?
A. Grey box testing
B. Black box testing
C. White box testing
D. Blue jacking
Answer: B
Explanation:


#2 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 14 January 2013 - 02:39

fizzing?

#3 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 15 January 2013 - 10:35

Hello,

I think he meant fuzzing, e.g., sending malformed data to an application to see how it responds.

That is actually an extremely poorly thought-out question, because fuzzing is a testing technique that can be applied to any kind of software (commercial off the shelf, proprietary, open source) that you have licensed, created, downloaded, etc.

Some examples of fuzzing in action:
  • At my last job (VoIP hardware manufacturer) we used a box from Ixia to generate malformed/out-of-spec SIP traffic in order to test our PBXes and handsets.
  • At my current employer (software developer) we fuzz our own software (COTS stuff) to see how resilient it is to things like malformed/corrupt software updates using internally developed tools.
I would say either of these applications is a "white box" test, since we are the creator of the product being tested. On the other hand, in the first test, I used a third-party fuzzing tool purchased from another company—I'm not sure if that affects the answer to the question, though.

Regards,

Aryeh Goretsky



Click here to login or here to register to remove this ad, it's free!