A coding error has been discovered on a customer-facing website. The error causes each request to return confidential PHI data for the incorrect organization. The IT department is unable to identify the specific customers who are affected. As a result, all customers must be notified of the potential breach.
Which of the following would allow the team to determine the scope of future incidents?
A. Intrusion detection system
B. Database access monitoring
C. Application fuzzing
D. Monthly vulnerability scans
Answer: C
Explanation:
Fuzzing is a way of finding bugs using automation. It involves feeding a wide range of invalid and unexpected data into an application and then monitoring the application for exceptions. The invalid data used to fuzz an application can be crafted for a specific purpose or randomly generated.