REST API Fuzzing by Coverage Level Guided Blackbox Testing

Chung Hsuan Tsai, Shi Chun Tsai, Shih Kun Huang

Research output: Conference contribution, peer-reviewed

6 citations (Scopus)

Abstract

With the growth of web applications, REST APIs have become the primary communication method between services. In order to ensure system reliability and security, software quality can be assured by effective testing methods. Black box fuzz testing is one of the effective methods to perform tests on a large scale. However, conventional black box fuzz testing generates random data without judging the quality of the input. We implement a black box fuzz testing method for REST APIs. It resolves the issues of blind mutations without knowing the effectiveness by Test Coverage Level feedback. We also enhance the mutation strategies by reducing the testing complexity for REST APIs, generating more appropriate test cases to cover possible paths. We evaluate our method by testing two large open-source projects and 89 bugs are reported and confirmed. In addition, we find 351 bugs from 64 remote API services in APIs.guru. The work is in https://github.com/iasthc/hsuan-fuzz.

Original language: English
Title of host publication: Proceedings - 2021 21st International Conference on Software Quality, Reliability and Security, QRS 2021
Publisher: Institute of Electrical and Electronics Engineers
Pages: 291-300
Number of pages: 10
ISBN (electronic): 9781665458139
Publication status: Published - 2021
Event: 21st International Conference on Software Quality, Reliability and Security, QRS 2021 - Hainan, China
Duration: 6 Dec 2021 to 10 Dec 2021

Publication series

Name: IEEE International Conference on Software Quality, Reliability and Security, QRS
2021-December
ISSN (print): 2693-9177

Conference

Conference: 21st International Conference on Software Quality, Reliability and Security, QRS 2021
Country/Territory: China
City: Hainan
Period: 6/12/21 to 10/12/21
