There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?

There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?

August 10, 2021 by Admin

An internal penetration tester finds a legacy application that takes measurement input made in a text box and outputs a specific string of text related to industry requirements. There is no documentation about how this application works, and the source code has been lost. Which of the following would BEST allow the penetration tester to determine the input and output relationship?

Running an automated fuzzer
Constructing a known cipher text attack
Attempting SQL injection commands
Performing a full packet capture
Using the application in a malware sandbox

Leave a Reply Cancel reply

×