Bootstrapping Automated Testing for RESTful Web Services-Reference-Cited by-同舟云学术

Bootstrapping Automated Testing for RESTful Web Services

Published:2021 Issue: Volume: Page:46-66
ISSN:0302-9743
Container-title:Fundamental Approaches to Software Engineering
language:
Short-container-title:

Author:

Chen Yixiong^ORCID,Yang Yang,Lei Zhanyao^ORCID,Xia Mingyuan^ORCID,Qi Zhengwei^ORCID

Abstract

AbstractModern RESTful services expose RESTful APIs to integrate with diversified applications. Most RESTful API parameters are weakly typed, which greatly increases the possible input value space. This poses difficulties for automated testing tools to generate effective test cases to reveal web service defects related to parameter validation. We call this phenomenon the type collapse problem. To remedy this problem, we introduce FET (Format-encoded Type) techniques, including the FET, the FET lattice, and the FET inference to model fine-grained information for API parameters. Enhanced by FET techniques, automated testing tools can generate targeted test cases. We demonstrate Leif, a trace-driven fuzzing tool, as a proof-of-concept implementation of FET techniques. Experiment results on 27 commercial services show that FET inference precisely captures documented parameter definitions, which helps Leif to discover 11 new bugs and reduce

$$72\% \sim 86\%$$

72 % ∼ 86 % fuzzing time as compared to state-of-the-art fuzzers.

Publisher

Springer International Publishing

Link

http://link.springer.com/content/pdf/10.1007/978-3-030-71500-7_3

Reference48 articles.

1. AppSpider. https://www.rapid7.com/products/appspider

2. BurpSuite. https://portswigger.net/burp

3. Fuzzapi. https://github.com/Fuzzapi/fuzzapi

4. TnT-Fuzzer. https://github.com/Teebytes/TnT-Fuzzer

5. CVE-2018-1257. Available from MITRE, CVE-ID CVE-2018-1257 (Dec 6 2017), https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1257

Cited by 7 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Testing RESTful APIs: A Survey;ACM Transactions on Software Engineering and Methodology;2023-11-24

2. Bootstrapping Automated Testing for RESTful Web Services;IEEE Transactions on Software Engineering;2023-04-01

3. Improving Conformance of Web Services: A Constraint-based Model-driven Approach;ACM Transactions on the Web;2023-03-27

4. Blunt leading-edge effect on spanwise-varying leading-edge contours of an UCAV configuration;Journal of Fluid Science and Technology;2023

5. Fuzzing REST APIs for Bugs: An Empirical Analysis;Evolution in Computational Intelligence;2023