What type of testing seeks to find vulnerabilities by sending incorrect input to a system?

The testing method designed to identify vulnerabilities by sending incorrect or unexpected input to a system is known as protocol fuzzing. This technique involves generating random, unexpected, or malformed data to assess how the system responds to atypical input scenarios. The primary goal of protocol fuzzing is to discover security weaknesses, crashes, memory leaks, or erroneous behavior that may not be apparent through standard testing procedures.

By using fuzz testing, security professionals can ensure that systems are robust and resilient against a variety of inputs that attackers might exploit. This type of testing is particularly important in identifying issues that could lead to security breaches or denial-of-service attacks.

Other testing methodologies, such as static analysis or dynamic analysis, serve different purposes. Static analysis focuses on code examination without executing the program, which helps locate potential vulnerabilities in the source code itself, while dynamic analysis evaluates the program behavior during execution but does not specifically target incorrect input handling as fuzzing does. Unit testing is aimed at verifying the functionality of specific components of the code and is not designed to intentionally produce erroneous input to test system resilience. Therefore, protocol fuzzing stands out as the most aligned with the goal of uncovering vulnerabilities through inappropriate input.
