Key concepts
The author proposes an automated approach using test case mutation to enhance security testing for RESTful APIs, aiming to generate new test cases and mock components efficiently.
Abstract
The paper focuses on automating security testing for RESTful APIs through test case mutation. It introduces 17 specialized mutation operators and evaluates their effectiveness in detecting vulnerabilities. The algorithm presented generates mutants that mimic possible attacks, enhancing code coverage and uncovering weaknesses.
The study includes four case studies to evaluate the algorithm's performance, effectiveness, and scalability. Results show that the strategies used are successful in generating mutants, detecting vulnerabilities, and increasing code coverage. The algorithm scales well with the size of the initial test case set and demonstrates quick execution times even with large datasets.
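As an added illustration of the approach described above (this code is not from the paper or its authors), the following sketch mutates recorded HTTP requests into new test cases; the three operators, the Request type and the sample traffic are all assumptions of this example, not the paper's 17 operators or its case-study data.

```python
from dataclasses import dataclass, replace
from typing import Callable

@dataclass(frozen=True)
class Request:
    """A recorded HTTP message; tuples keep it hashable so mutants can be de-duplicated."""
    method: str
    path: str
    headers: tuple  # ((name, value), ...)
    body: tuple     # ((field, value), ...)

Operator = Callable[[Request], list]

def drop_header(name: str) -> Operator:
    """Mutant without one header (e.g. Authorization): does the API still enforce access control?"""
    def op(req: Request) -> list:
        kept = tuple(h for h in req.headers if h[0].lower() != name.lower())
        return [replace(req, method=req.method, headers=kept)] if len(kept) != len(req.headers) else []
    return op

def swap_method(methods=("GET", "POST", "PUT", "DELETE")) -> Operator:
    """One mutant per alternative verb on the same path (method-level authorization checks)."""
    def op(req: Request) -> list:
        return [replace(req, method=m) for m in methods if m != req.method]
    return op

def drop_body_field() -> Operator:
    """One mutant per removed body field (missing-input validation)."""
    def op(req: Request) -> list:
        return [replace(req, body=tuple(f for f in req.body if f[0] != name)) for name, _ in req.body]
    return op

def generate_mutants(test_cases: list, operators: list) -> list:
    """Apply every operator to every recorded test case, dropping duplicates but keeping order."""
    seen, out = set(), []
    for tc in test_cases:
        for op in operators:
            for m in op(tc):
                if m not in seen:
                    seen.add(m)
                    out.append(m)
    return out

# Constructed sample traffic (hypothetical, not collected from the paper's services)
RECORDED = [
    Request("POST", "/api/orders", (("Authorization", "Bearer x"), ("Content-Type", "application/json")),
            (("item", "42"), ("qty", "1"))),
    Request("GET", "/api/orders/1", (("Authorization", "Bearer x"),), ()),
]
OPERATORS = [drop_header("Authorization"), swap_method(), drop_body_field()]

if __name__ == "__main__":
    for m in generate_mutants(RECORDED, OPERATORS):
        print(m.method, m.path, dict(m.headers), dict(m.body))
```

Each mutant is then replayed against the service under test, and the expected outcome (for instance a 401 for the header-less mutant) becomes the test oracle.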
Statistics
We collected 16603 HTTP messages for C1, 76220 for C2, and 10000 for C3 and C4.
The algorithm generated mutants with varying numbers of original test cases (10 to 100) across different services.
Mutants were effective at detecting weaknesses, with an average increase in line coverage of 18.4%.
Strategies S0, S1, and S2 produced mutants with varying success rates in detecting vulnerabilities.
Execution times were measured based on the size of the initial test case set TC and the length of the test cases.
Quotes
"The focus of this paper is on automating the security testing of RESTful APIs." - Sebastien Salva & Jarod Sue
"Our results demonstrate its capability to construct hundreds of test cases and mock components within minutes." - Sebastien Salva & Jarod Sue