RESTTESTGEN: Automated Black-Box Testing of RESTful APIs

Опубликована: Авг. 5, 2020

RESTful APIs (or REST for short) represent a mainstream approach to design and develop Web using the REpresentational State Transfer architectural style. When their source code is not just partially) available or analysis across many dynamically allocated distributed components (typical of micro-services architecture) poses obstacles white-box testing, black-box testing becomes viable option. Black-box in fact, only assumes access system under test with specific interface. This paper presents RESTTESTGEN, novel automatically generate cases APIs, based on interface definition (in Swagger). Input values requests are generated each operation API test, twofold objective nominal execution scenarios error scenarios. Two distinct oracles deployed detect when reveal implementation defects. Our empirical investigation shows that this effective revealing actual faults 87 real-world APIs.

Язык: Английский

---

Automated test generation for REST APIs: no time to rest yet

Опубликована: Июль 15, 2022

Modern web services routinely provide REST APIs for clients to access their functionality. These present unique challenges and opportunities automated testing, driving the recent development of many techniques tools that generate test cases API endpoints using various strategies. Understanding how these compare one another is difficult, as they have been evaluated on different benchmarks metrics. To fill this gap, we performed an empirical study aimed understand landscape in testing guide future research area. We first identified, through a systematic selection process, set 10 state-of-the-art included developed by both researchers practitioners. then applied benchmark 20 real-world open-source RESTful analyzed performance terms code coverage achieved failures triggered. This analysis allowed us identify strengths, weaknesses, limitations considered underlying strategies, well implications our findings

Язык: Английский

---

Testing RESTful APIs: A Survey

ACM Transactions on Software Engineering and Methodology, Год журнала: 2023, Номер 33(1), С. 1 - 41

Опубликована: Авг. 21, 2023

In industry, RESTful APIs are widely used to build modern Cloud Applications. Testing them is challenging, because not only do they rely on network communications, but also deal with external services like databases. Therefore, there has been a large amount of research sprout in recent years how automatically verify this kind web services. article, we present comprehensive review the current state-of-the-art testing based analysis 92 scientific articles. These articles were gathered by utilizing search queries formulated around concept API seven popular We eliminated irrelevant our predefined criteria and conducted snowballing phase minimize possibility missing any relevant paper. This survey categorizes summarizes existing work discusses challenges verification APIs. clearly shows an increasing interest among researchers field, from 2017 onward. However, still lot open overcome.

Язык: Английский

---

QuickREST: Property-based Test Generation of OpenAPI-Described RESTful APIs

Опубликована: Авг. 5, 2020

RESTful APIs are an increasingly common way to expose software systems functionality and it is therefore of high interest find methods automatically test verify such APIs. To lower the barrier for industry adoption, need be straightforward use with a low effort. This paper introduces method explore behaviour API. done by using automatic property-based tests produced from OpenAPI documents that describe REST API under test. We how this creates artifacts can leveraged both as generators source validation results (i.e., oracles). Experimental results, on industrial open services, indicate approach effort finding real faults. Furthermore, supports building additional knowledge about system exposing misalignment specification implementation. Since generated document evolves cases evolves.

Язык: Английский

---

A Black Box Tool for Robustness Testing of REST Services

IEEE Access, Год журнала: 2021, Номер 9, С. 24738 - 24754

Опубликована: Янв. 1, 2021

REST services are nowadays being used to support many businesses, with most major companies exposing their via interfaces (e.g., Google, Amazon, Instagram, and Slack). In this type of scenarios, heterogeneity is prevalent software sometimes exposed unexpected conditions that may activate residual bugs, leading service operations fail. Such failures lead financial or reputation losses information disclosure). Although techniques tools for assessing robustness have been thoroughly studied applied a large diversity domains, still lack practical approaches specialize in evaluation. paper, we present tool (named bBOXRT) performing tests over services, solely based on minimal expressed interface descriptions. We bBOXRT evaluate an heterogeneous set 52 comprise 1,351 fit distinct categories public, private, in-house). were able disclose several different types problems, including issues strong reliability requirements also few security vulnerabilities. The results show deployed preserving defects harm integration, carrying vulnerabilities can be exploited by malicious users.

Язык: Английский

---

RESTest: automated black-box testing of RESTful web APIs

Опубликована: Июль 8, 2021

Testing RESTful APIs thoroughly is critical due to their key role in software integration. Existing tools for the automated generation of test cases this domain have shown great promise, but applicability limited as they mostly rely on random inputs, i.e., fuzzing. In paper, we present RESTest, an open source black-box testing framework web APIs. Based API specification, RESTest supports using different techniques such fuzzing and constraint-based testing, among others. developed a can be easily extended with new case generators writers programming languages. We evaluate tool two scenarios: offline online testing. former, show how efficiently generate realistic (test inputs oracles) that uncover bugs real-world latter, RESTest's capabilities continuous monitoring framework. Demo video: https://youtu.be/1f_tjdkaCKo.

Язык: Английский

---

Automated black‐box testing of nominal and error scenarios in RESTful APIs

Software Testing Verification and Reliability, Год журнала: 2022, Номер 32(5)

Опубликована: Янв. 23, 2022

Abstract RESTful APIs (or REST for short) represent a mainstream approach to design and develop web using the REpresentational State Transfer architectural style. Black‐box testing, which assumes only access system under test with specific interface, is viable option when white‐box testing impracticable. This case APIs: their source code usually not just partially) available, or analysis across many dynamically allocated distributed components (typical of micro‐services architecture) computationally challenging. paper presents RestTestGen , novel black‐box automatically generate cases APIs, based on interface definition (an OpenAPI specification). Input values requests are generated each operation API twofold objective nominal execution scenarios error scenarios. Two distinct oracles deployed detect reveal implementation defects. While this mainly targeting research community, it also interest developers because, as approach, universally applicable different programming languages, in external (compiled only) libraries used API. The validation our has been performed more than 100 real‐world highlighting effectiveness revealing actual faults already services.

Язык: Английский

---

Morest

Proceedings of the 44th International Conference on Software Engineering, Год журнала: 2022, Номер unknown, С. 1406 - 1417

Опубликована: Май 21, 2022

RESTful APIs are arguably the most popular endpoints for accessing Web services. Blackbox testing is one of emerging techniques ensuring reliability APIs. The major challenge in need correct sequences API operation calls in-depth testing. To build meaningful call sequences, researchers have proposed to learn and utilize dependencies based on OpenAPI specifications. However, these either lack overall awareness how all connected or flexibility adaptively fixing learned knowledge.

Язык: Английский

---

Combinatorial testing of RESTful APIs

Proceedings of the 44th International Conference on Software Engineering, Год журнала: 2022, Номер unknown

Опубликована: Май 21, 2022

This paper presents RestCT, a systematic and fully automatic approach that adopts Combinatorial Testing (CT) to test RESTful APIs. RestCT is in it covers tests not only the interactions of certain number operations APIs, but also particular input-parameters every single operation. realised by novel two-phase case generation approach, which first generates constrained sequence covering array determine execution orders available operations, then applies an adaptive strategy generate refine several arrays concretise each its application relies on given Swagger specification The creation CT models (especially, inferring dependency relationships both input-parameters), cases are performed without any human intervention. Experimental results 11 real-world APIs demonstrate effectiveness efficiency RestCT. In particular, can find eight new bugs, where one them be triggered state-of-the-art testing tool

Язык: Английский

---

Containerized cloud-based honeypot deception for tracking attackers

Scientific Reports, Год журнала: 2023, Номер 13(1)

Опубликована: Янв. 25, 2023

Abstract Discovering malicious packets amid a cloud of normal activity, whether you use an IDS or gather and analyze machine device log files on company infrastructure, may be challenging time consuming. The vulnerability landscape is rapidly evolving, it will only become worse as more developing technologies, such IoT, Industrial Automation, CPS, Digital Twins, etc are digitally connected. A honey trap aids in identifying easily as, after few rapid calibrations to eliminate false positives. Besides analyzing reporting particular invasion patterns toolkits exploited, also assists preventing access actual devices by simulating the genuine systems applications functioning network thus delaying well baffling invader. In order evaluate hackers’ behavior, ensemble research honeypot detectors has been deployed our work. This paper delivers robust outline deployment containerized deployment, direct consequence, these portable, durable, simple deploy administer. instrumented approach was monitored generated countless data points which significant judgments about malevolent users’ activities purpose could inferred.

Язык: Английский

---