A penetration tester is trying to stress test a web application by injecting malformed data into it. What is this method called?

Prepare for the WGU ITAS6291 D488 Cybersecurity Architecture and Engineering exam. Use flashcards and multiple-choice questions, each with explanations and guidance. Master your knowledge and excel in your exam!

The method being described is known as fuzzing. Fuzzing is a dynamic testing technique that involves sending a wide variety of invalid, unexpected, or random data as input to a program in order to identify vulnerabilities, bugs, or unexpected behaviors within the application. By injecting malformed data into the web application, the penetration tester seeks to uncover weaknesses that could be exploited by attackers, such as input validation errors, buffer overflows, or application crashes.

This approach is critical in the cybersecurity field because it allows security professionals to evaluate how the application handles unexpected input, thereby improving the security and robustness of the software. Given its focus on exposing security vulnerabilities through the manipulation of input data, fuzzing is a commonly employed technique in penetration testing.
