Modern web applications make extensive use of API calls to update the UI state in response user events or server-side changes. For such applications, API-level testing can play an important role, in-between unit-level and UI-level (or end-to-end) testing. Existing tools require specifications (e.g., OpenAPI), which often may not be available or, when available, inconsistent with implementation, thus limiting applicability automated applications. In this paper, we present approach that leverages enable for Our technique navigates application under test automatically generates suite, along OpenAPI specification describes application's APIs (for REST-based applications). A key element our solution is a dynamic inferring endpoints path parameters via navigation directed probing. We evaluated its accuracy effectiveness "carved" tests. results on seven open-source show achieves 98% precision 56% recall endpoints. The carved tests, added suites generated by two REST tools, increase statement coverage 52% 29% branch 99% 75%, average. main benefits are: (1) it enables cases where existing are inapplicable (2) creates cover code efficiently while exercising as they would invoked from UI, augment suites.
RESTful APIs (or REST for short) represent a mainstream approach to design and develop Web using the REpresentational State Transfer architectural style. When their source code is not just partially) available or analysis across many dynamically allocated distributed components (typical of micro-services architecture) poses obstacles white-box testing, black-box testing becomes viable option. Black-box in fact, only assumes access system under test with specific interface. This paper presents RESTTESTGEN, novel automatically generate cases APIs, based on interface definition (in Swagger). Input values requests are generated each operation API test, twofold objective nominal execution scenarios error scenarios. Two distinct oracles deployed detect when reveal implementation defects. Our empirical investigation shows that this effective revealing actual faults 87 real-world APIs.
Modern web services routinely provide REST APIs for clients to access their functionality. These present unique challenges and opportunities automated testing, driving the recent development of many techniques tools that generate test cases API endpoints using various strategies. Understanding how these compare one another is difficult, as they have been evaluated on different benchmarks metrics. To fill this gap, we performed an empirical study aimed understand landscape in testing guide future research area. We first identified, through a systematic selection process, set 10 state-of-the-art included developed by both researchers practitioners. then applied benchmark 20 real-world open-source RESTful analyzed performance terms code coverage achieved failures triggered. This analysis allowed us identify strengths, weaknesses, limitations considered underlying strategies, well implications our findings
ACM Transactions on Software Engineering and Methodology, Journal Year: 2023, Volume and Issue: 33(1), P. 1 - 41, Published: Aug. 21, 2023
In industry, RESTful APIs are widely used to build modern Cloud Applications. Testing them is challenging, because not only do they rely on network communications, but also deal with external services like databases. Therefore, there has been a large amount of research sprout in recent years how automatically verify this kind web services. article, we present comprehensive review the current state-of-the-art testing based analysis 92 scientific articles. These articles were gathered by utilizing search queries formulated around concept API seven popular We eliminated irrelevant our predefined criteria and conducted snowballing phase minimize possibility missing any relevant paper. This survey categorizes summarizes existing work discusses challenges verification APIs. clearly shows an increasing interest among researchers field, from 2017 onward. However, still lot open overcome.
RESTful APIs are an increasingly common way to expose software systems functionality and it is therefore of high interest find methods automatically test verify such APIs. To lower the barrier for industry adoption, need be straightforward use with a low effort. This paper introduces method explore behaviour API. done by using automatic property-based tests produced from OpenAPI documents that describe REST API under test. We how this creates artifacts can leveraged both as generators source validation results (i.e., oracles). Experimental results, on industrial open services, indicate approach effort finding real faults. Furthermore, supports building additional knowledge about system exposing misalignment specification implementation. Since generated document evolves cases evolves.
IEEE Access, Journal Year: 2021, Volume and Issue: 9, P. 24738 - 24754, Published: Jan. 1, 2021
REST services are nowadays being used to support many businesses, with most major companies exposing their via interfaces (e.g., Google, Amazon, Instagram, and Slack). In this type of scenarios, heterogeneity is prevalent software sometimes exposed unexpected conditions that may activate residual bugs, leading service operations fail. Such failures lead financial or reputation losses information disclosure). Although techniques tools for assessing robustness have been thoroughly studied applied a large diversity domains, still lack practical approaches specialize in evaluation. paper, we present tool (named bBOXRT) performing tests over services, solely based on minimal expressed interface descriptions. We bBOXRT evaluate an heterogeneous set 52 comprise 1,351 fit distinct categories public, private, in-house). were able disclose several different types problems, including issues strong reliability requirements also few security vulnerabilities. The results show deployed preserving defects harm integration, carrying vulnerabilities can be exploited by malicious users.
Software Testing Verification and Reliability, Journal Year: 2022, Volume and Issue: 32(5), Published: Jan. 23, 2022
Abstract
RESTful APIs (or REST for short) represent a mainstream approach to design and develop web using the REpresentational State Transfer architectural style. Black‐box testing, which assumes only access system under test with specific interface, is viable option when white‐box testing impracticable. This case APIs: their source code usually not just partially) available, or analysis across many dynamically allocated distributed components (typical of micro‐services architecture) computationally challenging. paper presents RestTestGen, novel black‐box automatically generate cases APIs, based on interface definition (an OpenAPI specification). Input values requests are generated each operation API twofold objective nominal execution scenarios error scenarios. Two distinct oracles deployed detect reveal implementation defects. While this mainly targeting research community, it also interest developers because, as approach, universally applicable different programming languages, in external (compiled only) libraries used API. The validation our has been performed more than 100 real‐world highlighting effectiveness revealing actual faults already services.
Proceedings of the 44th International Conference on Software Engineering, Journal Year: 2022, Volume and Issue: unknown, P. 1406 - 1417, Published: May 21, 2022
RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of emerging techniques ensuring reliability APIs. The major challenge in need correct sequences API operation calls in-depth testing. To build meaningful call sequences, researchers have proposed to learn and utilize dependencies based on OpenAPI specifications. However, these either lack overall awareness how all connected or flexibility adaptively fixing learned knowledge.
Proceedings of the 44th International Conference on Software Engineering, Journal Year: 2022, Volume and Issue: unknown, Published: May 21, 2022
This paper presents RestCT, a systematic and fully automatic approach that adopts Combinatorial Testing (CT) to test RESTful APIs. RestCT is in it covers tests not only the interactions of certain number operations APIs, but also particular input-parameters every single operation. realised by novel two-phase case generation approach, which first generates constrained sequence covering array determine execution orders available operations, then applies an adaptive strategy generate refine several arrays concretise each its application relies on given Swagger specification The creation CT models (especially, inferring dependency relationships both input-parameters), cases are performed without any human intervention. Experimental results 11 real-world APIs demonstrate effectiveness efficiency RestCT. In particular, can find eight new bugs, where one them be triggered state-of-the-art testing tool
Scientific Reports, Journal Year: 2023, Volume and Issue: 13(1), Published: Jan. 25, 2023
Abstract
Discovering malicious packets amid a cloud of normal activity, whether you use an IDS or gather and analyze machine device log files on company infrastructure, may be challenging time consuming. The vulnerability landscape is rapidly evolving, it will only become worse as more developing technologies, such IoT, Industrial Automation, CPS, Digital Twins, etc are digitally connected. A honey trap aids in identifying easily as, after few rapid calibrations to eliminate false positives. Besides analyzing reporting particular invasion patterns toolkits exploited, also assists preventing access actual devices by simulating the genuine systems applications functioning network thus delaying well baffling invader. In order evaluate hackers’ behavior, ensemble research honeypot detectors has been deployed our work. This paper delivers robust outline deployment containerized deployment, direct consequence, these portable, durable, simple deploy administer. instrumented approach was monitored generated countless data points which significant judgments about malevolent users’ activities purpose could inferred.
ACM Transactions on Software Engineering and Methodology, Journal Year: 2023, Volume and Issue: 32(6), P. 1 - 45, Published: May 13, 2023
RESTful APIs are a type of web service that widely used in industry. In the past few years, lot effort research community has been spent designing novel techniques to automatically fuzz those find faults them. Many real were found large variety APIs. However, usually analyzed fuzzers treat as black-box, and no analysis what is actually covered these systems done. Therefore, although clearly useful for practitioners, we do not know their current limitations actual effectiveness. Solving this necessary step be able design better, more efficient, effective techniques. To address issue, article compare seven state-of-the-art on 18 open source—1 industrial 1 artificial—RESTful We then analyze source code which parts fail generate tests. This points clear fuzzers, listing concrete follow-up challenges community.