English
Related papers

Related papers: MINER: A Hybrid Data-Driven Approach for REST API …

200 papers

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However,…

Software Engineering · Computer Science 2026-04-02 Omur Sahin , Man Zhang , Andrea Arcuri

Fuzzing has proven to be very effective for discovering certain classes of software flaws, but less effective in helping developers process these discoveries. Conventional crash-based fuzzers lack enough information about failures to…

Cryptography and Security · Computer Science 2024-11-04 Allison Naaktgeboren , Sean Noble Anderson , Andrew Tolmach , Greg Sullivan

Cloud services have recently exploded with the advent of powerful cloud-computing platforms such as Amazon Web Services and Microsoft Azure. Today, most cloud services are accessed through REST APIs, and Swagger is arguably the most popular…

Software Engineering · Computer Science 2018-06-27 Vaggelis Atlidakis , Patrice Godefroid , Marina Polishchuk

Fuzzing is a powerful technique for finding bugs in software libraries, but scaling it remains difficult. Automated harness generation commits to fixed API sequences at synthesis time, limiting the behaviors each harness can test.…

Software Engineering · Computer Science 2026-02-24 Harrison Green , Fraser Brown , Claire Le Goues

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

RESTful APIs are a type of web services that are widely used in industry. In the last few years, a lot of effort in the research community has been spent in designing novel techniques to automatically fuzz those APIs to find faults in them.…

Software Engineering · Computer Science 2022-07-11 Man Zhang , Andrea Arcuri

This paper introduces Pythia, the first fuzzer that augments grammar-based fuzzing with coverage-guided feedback and a learning-based mutation strategy for stateful REST API fuzzing. Pythia uses a statistical model to learn common usage…

Software Engineering · Computer Science 2020-05-26 Vaggelis Atlidakis , Roxana Geambasu , Patrice Godefroid , Marina Polishchuk , Baishakhi Ray

Fuzzing has gained in popularity for software vulnerability detection by virtue of the tremendous effort to develop a diverse set of fuzzers. Thanks to various fuzzing techniques, most of the fuzzers have been able to demonstrate great…

Cryptography and Security · Computer Science 2023-02-28 Yu-Fu Fu , Jaehyuk Lee , Taesoo Kim

Lack of experience, inadequate documentation, and sub-optimal API design frequently cause developers to make mistakes when re-using third-party implementations. Such API misuses can result in unintended behavior, performance losses, or…

Software Engineering · Computer Science 2021-07-13 Sebastian Nielebock , Robert Heumüller , Kevin Michael Schott , Frank Ortmeier

Software's pervasive impact and increasing reliance in the era of digital transformation raise concerns about vulnerabilities, emphasizing the need for software security. Fuzzy testing is a dynamic analysis software testing technique that…

Software Engineering · Computer Science 2024-07-22 Tiago Dias , Eva Maia , Isabel Praça

Due to its importance and widespread use in industry, automated testing of REST APIs has attracted major interest from the research community in the last few years. However, most of the work in the literature has been focused on black-box…

Software Engineering · Computer Science 2023-09-18 Andrea Arcuri , Man Zhang , Juan Pablo Galeotti

Fuzz testing of software libraries relies on fuzz drivers to invoke library APIs. Traditionally, these drivers are written manually by developers - a process that is time-consuming and often inadequate for exercising complex program…

Software Engineering · Computer Science 2026-04-21 Xingyu Liu , Zengqin Huang , Xiang Gao , Hailong Sun

Representational state transfer (REST) is a widely employed architecture by web applications and cloud. Users can invoke such services according to the specification of their application interfaces, namely RESTful APIs. Existing approaches…

Software Engineering · Computer Science 2022-03-08 Jiaxian Lin , Tianyu Li , Yang Chen , Guangsheng Wei , Jiadong Lin , Sen Zhang , Hui Xu

Despite the fact that the state-of-the-art fuzzers can generate inputs efficiently, existing fuzz drivers still cannot adequately cover entries in libraries. Most of these fuzz drivers are crafted manually by developers, and their quality…

Cryptography and Security · Computer Science 2023-09-08 Peng Chen , Yuxuan Xie , Yunlong Lyu , Yuxiao Wang , Hao Chen

Network-facing applications are commonly exposed to all kinds of attacks, especially when connected to the internet. As a result, web servers like Nginx or client applications such as curl make every effort to secure and harden their code…

Cryptography and Security · Computer Science 2024-09-04 Nils Bars , Moritz Schloegel , Nico Schiller , Lukas Bernhard , Thorsten Holz

Fuzzing -- whether generating or mutating inputs -- has found many bugs and security vulnerabilities in a wide range of domains. Stateful and highly structured web APIs present significant challenges to traditional fuzzing techniques, as…

Cryptography and Security · Computer Science 2021-12-21 Zac Hatfield-Dodds , Dmitry Dygalo

Modern compilers, such as LLVM, are complex pieces of software. Due to their complexity, manual testing is unlikely to suffice, yet formal verification is difficult to scale. End-to-end fuzzing can be used, but it has difficulties in…

Software Engineering · Computer Science 2025-07-15 Yuyang Rong , Zhanghan Yu , Zhenkai Weng , Stephen Neuendorffer , Hao Chen

Fuzzing has become a commonly used approach to identifying bugs in complex, real-world programs. However, interpreters are notoriously difficult to fuzz effectively, as they expect highly structured inputs, which are rarely produced by most…

Cryptography and Security · Computer Science 2023-04-06 Christopher Salls , Chani Jindal , Jake Corina , Christopher Kruegel , Giovanni Vigna

WebAssembly binaries are often compiled from memory-unsafe languages, such as C and C++. Because of WebAssembly's linear memory and missing protection features, e.g., stack canaries, source-level memory vulnerabilities are exploitable in…

Cryptography and Security · Computer Science 2021-11-01 Daniel Lehmann , Martin Toldam Torp , Michael Pradel

When designing a new API for a large project, developers need to make smart design choices so that their code base can grow sustainably. To ensure that new API components are well designed, developers can learn from existing API components.…

Software Engineering · Computer Science 2023-07-20 Sae Young Moon , Gregor Kerr , Fran Silavong , Sean Moran
‹ Prev 1 2 3 10 Next ›