Security Testing of RESTful APIs With Test Case Mutation (2403.03701v1)
Abstract: This paper focuses on automating the security testing of RESTful APIs. Testing components of this kind is still often performed manually and remains a long and difficult activity. This paper proposes an automated approach that helps developers generate test cases for exercising each service in isolation. The approach is based on the notion of test case mutation, which automatically generates new test cases from an original test case set. Test case mutation operators make slight modifications to a test case to mimic possible failures or to exercise the component under test with new interactions. In this paper, we examine test case mutation operators for RESTful APIs and define 17 operators specialised in security testing. We then present our test case mutation algorithm and evaluate its effectiveness and performance on four web service compositions.