Open Problems in Fuzzing RESTful APIs: A Comparison of Tools
| dc.contributor.author | Zhang, Man | |
| dc.contributor.author | Arcuri, Andrea | |
| dc.date.accessioned | 2023-10-25T06:56:11Z | |
| dc.date.available | 2023-10-25T06:56:11Z | |
| dc.date.created | 2023-05-15T10:59:00Z | |
| dc.date.issued | 2023 | |
| dc.identifier.citation | ACM Transactions on Software Engineering and Methodology. 2023 32(6), 1–45. | en_US |
| dc.identifier.issn | 1049-331X | |
| dc.identifier.uri | https://hdl.handle.net/11250/3098558 | |
| dc.description.abstract | RESTful APIs are a type of web service that are widely used in industry. In the past few years, a lot of effort in the research community has been spent in designing novel techniques to automatically fuzz those APIs to find faults in them. Many real faults were automatically found in a large variety of RESTful APIs. However, usually the analyzed fuzzers treat the APIs as black-box, and no analysis of what is actually covered in these systems is done. Therefore, although these fuzzers are clearly useful for practitioners, we do not know their current limitations and actual effectiveness. Solving this is a necessary step to be able to design better, more efficient, and effective techniques. To address this issue, in this article we compare seven state-of-the-art fuzzers on 18 open source—1 industrial and 1 artificial—RESTful APIs. We then analyze the source code for which parts of these APIs the fuzzers fail to generate tests. This analysis points to clear limitations of these current fuzzers, listing concrete follow-up challenges for the research community. | en_US |
| dc.language.iso | eng | en_US |
| dc.rights | Navngivelse 4.0 Internasjonal | * |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/deed.no | * |
| dc.subject | software engineering | en_US |
| dc.subject | verification | en_US |
| dc.subject | validation | en_US |
| dc.subject | search | en_US |
| dc.subject | automated test generation | en_US |
| dc.subject | SBST | en_US |
| dc.subject | fuzzing | en_US |
| dc.subject | REST | en_US |
| dc.title | Open Problems in Fuzzing RESTful APIs: A Comparison of Tools | en_US |
| dc.title.alternative | Open Problems in Fuzzing RESTful APIs: A Comparison of Tools | en_US |
| dc.type | Peer reviewed | en_US |
| dc.type | Journal article | en_US |
| dc.description.version | publishedVersion | en_US |
| dc.source.volume | 32 | en_US |
| dc.source.journal | ACM Transactions on Software Engineering and Methodology | en_US |
| dc.source.issue | 6 | en_US |
| dc.identifier.doi | 10.1145/3597205 | |
| dc.identifier.cristin | 2147490 | |
| dc.source.articlenumber | 144 | en_US |
| cristin.ispublished | true | |
| cristin.fulltext | original | |
| cristin.qualitycode | 2 |
Tilhørende fil(er)
Denne innførselen finnes i følgende samling(er)
Med mindre annet er angitt, så er denne innførselen lisensiert som Navngivelse 4.0 Internasjonal