You are an ethical hacker at Titan Cyber Defense, hired by BrightWave Publishing in New...

The correct answer is B. Testing String because the scenario describes a classic SQL injection detection approach where the tester submits special characters and malformed input strings—most notably single quotes ( ' )—to observe how the application processes them and whether it produces database error feedback. In SQL injection discovery, inserting a single quote (or multiple quotes) into a parameter commonly breaks the intended SQL syntax if the input is concatenated into a query without proper validation/escaping or parameterization. When this happens, the backend database often returns error messages that may disclose critical information such as the DBMS type (e.g., MySQL, Microsoft SQL Server, Oracle), query fragments, and sometimes references to table/column names. That is exactly what you observed: “system feedback that unexpectedly reveals the database type and internal query structure.”

This method is specifically called “testing strings” in CEH-style SQL injection identification: using quote characters, delimiters, comment markers, and other metacharacters to see whether the application is vulnerable and whether errors or abnormal behavior occur. The goal is not to fully exploit the injection immediately, but to confirm whether input is being interpreted as part of an SQL statement and to collect clues that help the tester model the backend query and proceed with safe, authorized validation steps.

Why the other options are less accurate: Function testing is a broader web-testing concept and is not the specific SQLi detection tactic shown. Dynamic testing generally refers to testing an application while it is running to observe behavior, but it does not name this specific SQLi discovery technique. Fuzz testing involves sending large volumes of random or semi-random unexpected inputs to trigger crashes or errors; while multiple quotes could be part of fuzzing, the described method is the targeted, well-known SQLi testing string approach used to elicit informative SQL errors.

Therefore, the method being employed is Testing String.