CompTIA PenTest+ PT0-002 Practice Question
During a security assessment of a web application, you notice that carefully crafted inputs that should result in server-side errors do not produce discernible changes in the application's output. To confirm your suspicions of a potential back-end data store vulnerability, which technique would be most effective given the lack of informative responses?
Send an input that would typically generate an error and check for specific error messaging in the response.
Rely on automated tools using common payloads that produce detailed error messages to identify potential data extraction points.
Input crafted payloads that result in immediate reflection in application output to validate execution against the server's data handler.
Initiate a timing attack by sending a payload designed to trigger a delay in the application response indicative of successful execution on the data store.