What type of testing should be performed to ensure a web application can handle unexpected input without crashing?


Fuzzing is a dynamic testing technique specifically designed to identify vulnerabilities in software applications by inputting a wide variety of unexpected, random, or malformed data. This approach helps simulate potential misuse or attacks on the application by generating inputs that the software might not adequately handle. The goal is to expose flaws such as crashes, memory leaks, or data corruption that could occur when the application processes inputs it does not expect or cannot handle.

By using fuzzing, developers can proactively discover weaknesses in their web applications, ensuring that they can gracefully handle erroneous inputs without compromising stability or security. It’s particularly effective for testing how well the application withstands unusual user behavior or malicious attacks.

The other answer choices (code signing, manual code review, and dynamic code analysis) serve different purposes. Code signing verifies the integrity and origin of software rather than testing its behavior. Manual code review is human inspection of source code for vulnerabilities; it does not exercise the application with the unpredictable input that fuzzing generates. Dynamic code analysis observes code behavior at runtime, but it is not as effective as fuzzing at stress-testing an application against erratic or malformed input.
