English
Related papers

Related papers: WuppieFuzz: Coverage-Guided, Stateful REST API Fuz…

200 papers

Software's pervasive impact and increasing reliance in the era of digital transformation raise concerns about vulnerabilities, emphasizing the need for software security. Fuzzy testing is a dynamic analysis software testing technique that…

Software Engineering · Computer Science 2024-07-22 Tiago Dias , Eva Maia , Isabel Praça

With the growth of web applications, REST APIs have become the primary communication method between services. In order to ensure system reliability and security, software quality can be assured by effective testing methods. Black box fuzz…

Software Engineering · Computer Science 2022-01-03 Chung-Hsuan Tsai , Shi-Chun Tsai , Shih-Kun Huang

RESTful APIs are a type of web services that are widely used in industry. In the last few years, a lot of effort in the research community has been spent in designing novel techniques to automatically fuzz those APIs to find faults in them.…

Software Engineering · Computer Science 2022-07-11 Man Zhang , Andrea Arcuri

In RESTful APIs, interactions with a database are a common and crucial aspect. When generating whitebox tests, it is essential to consider the database's state (i.e., the data contained in the database) to achieve higher code coverage and…

Software Engineering · Computer Science 2025-07-29 Hernan Ghianni , Man Zhang , Juan P. Galeotti , Andrea Arcuri

Test flakiness is a common problem in industry, which hinders the reliability of automated build and testing workflows. Most existing research on test flakiness has primarily focused on unit and small-scale integration tests. In contrast,…

Software Engineering · Computer Science 2026-03-31 Man Zhang , Chongyang Shen , Andrea Arcuri , Tao Yue

Due to its importance and widespread use in industry, automated testing of REST APIs has attracted major interest from the research community in the last few years. However, most of the work in the literature has been focused on black-box…

Software Engineering · Computer Science 2023-09-18 Andrea Arcuri , Man Zhang , Juan Pablo Galeotti

Due to their widespread use in industry, several techniques have been proposed in the literature to fuzz REST APIs. Existing fuzzers for REST APIs have been focusing on detecting crashes (e.g., 500 HTTP server error status code). However,…

Software Engineering · Computer Science 2026-04-02 Omur Sahin , Man Zhang , Andrea Arcuri

Fuzzing REST APIs is an important research problem, with practical applications and impact in industry. As such, a lot of research work has been carried out on this topic in the last few years. However, there are three major issues that…

Software Engineering · Computer Science 2025-09-03 Omur Sahin , Man Zhang , Andrea Arcuri

Nowadays, web services play a major role in the development of enterprise applications. Many such applications are now developed using a service-oriented architecture (SOA), where microservices is one of its most popular kind. A RESTful web…

Software Engineering · Computer Science 2019-01-08 Andrea Arcuri

A common way of exposing functionality in contemporary systems is by providing a Web-API based on the REST API architectural guidelines. To describe REST APIs, the industry standard is currently OpenAPI-specifications. Test generation and…

Software Engineering · Computer Science 2023-10-27 Stefan Karlsson , Robbert Jongeling , Adnan Causevic , Daniel Sundmark

Representational state transfer (REST) is a widely employed architecture by web applications and cloud. Users can invoke such services according to the specification of their application interfaces, namely RESTful APIs. Existing approaches…

Software Engineering · Computer Science 2022-03-08 Jiaxian Lin , Tianyu Li , Yang Chen , Guangsheng Wei , Jiadong Lin , Sen Zhang , Hui Xu

This paper introduces Pythia, the first fuzzer that augments grammar-based fuzzing with coverage-guided feedback and a learning-based mutation strategy for stateful REST API fuzzing. Pythia uses a statistical model to learn common usage…

Software Engineering · Computer Science 2020-05-26 Vaggelis Atlidakis , Roxana Geambasu , Patrice Godefroid , Marina Polishchuk , Baishakhi Ray

Following the advent of the American Fuzzy Lop (AFL), fuzzing had a surge in popularity, and modern day fuzzers range from simple blackbox random input generators to complex whitebox concolic frameworks that are capable of deep program…

Cryptography and Security · Computer Science 2021-08-20 François Gauthier , Behnaz Hassanshahi , Benjamin Selwyn-Smith , Trong Nhan Mai , Max Schlüter , Micah Williams

Remote Procedure Call (RPC) is a communication protocol to support client-server interactions among services over a network. RPC is widely applied in industry for building large-scale distributed systems, such as Microservices. Modern RPC…

Software Engineering · Computer Science 2023-02-06 Man Zhang , Andrea Arcuri , Yonggang Li , Yang Liu , Kaiming Xue

REST APIs are widely used in industry, in all different kinds of domains. An example is Volkswagen AG, a German automobile manufacturer. Established testing approaches for REST APIs are time consuming, and require expertise from…

Software Engineering · Computer Science 2026-04-03 Andrea Arcuri , Alexander Poth , Olsi Rrjolli , Philip Garrett , Juan P. Galeotti

There are around 5.3 billion Internet users, amounting to 65.7% of the global population, and web technology is the backbone of the services delivered via the Internet. To ensure web applications are free from security-related bugs, web…

Software Engineering · Computer Science 2025-07-23 I Putu Arya Dharmaadi , Elias Athanasopoulos , Fatih Turkmen

Testing ultra-large microservices-based FinTech systems presents significant challenges, including restricted access to production environments, complex dependencies, and stringent security constraints. We propose SandBoxFuzz, a scalable…

Software Engineering · Computer Science 2025-04-29 Jiazhao Yu , Yanlun Tu , Zhanlei Zhang , Tiehua Zhang , Cheng Xu , Weigang Wu , Hong Jin Kang , Xi Zheng

Robustness is a key concern for Rust library development because Rust promises no risks of undefined behaviors if developers use safe APIs only. Fuzzing is a practical approach for examining the robustness of programs. However, existing…

Software Engineering · Computer Science 2021-10-25 Jianfeng Jiang , Hui Xu , Yangfan Zhou

Fuzzing is a widely used software security testing technique that is designed to identify vulnerabilities in systems by providing invalid or unexpected input. Continuous fuzzing systems like OSS-FUZZ have been successful in finding security…

Cryptography and Security · Computer Science 2023-07-04 Chaitanya Rahalkar

The emerging data-intensive applications are increasingly dependent on data-intensive scalable computing (DISC) systems, such as Apache Spark, to process large data. Despite their popularity, DISC applications are hard to test. In recent…

Software Engineering · Computer Science 2021-03-10 Qian Zhang , Jiyuan Wang , Muhammad Ali Gulzar , Rohan Padhye , Miryung Kim
‹ Prev 1 2 3 10 Next ›