Realistic traffic generation for efficient web application fuzzing
Black-box API testing is a common way to locate reliability and security bugs in closed-source RESTful services. Such testing technique relies heavily on the OpenAPI specification of the RESTful services, which are often not provided. Therefore, a prototype tool was developed to generate OpenAPI spe...
Main Author: | Duan, Yiting |
---|---|
Other Authors: | Liu Yang |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University 2022 |
Subjects: | Engineering::Computer science and engineering::Software::Software engineering |
Online Access: | https://hdl.handle.net/10356/156640 |
Institution: | Nanyang Technological University |
Language: | English |
id | sg-ntu-dr.10356-156640 |
---|---|
record_format | dspace |
spelling | sg-ntu-dr.10356-1566402022-04-21T08:09:33Z Realistic traffic generation for efficient web application fuzzing Duan, Yiting Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering::Software::Software engineering Black-box API testing is a common way to locate reliability and security bugs in closed-source RESTful services. Such testing technique relies heavily on the OpenAPI specification of the RESTful services, which are often not provided. Therefore, a prototype tool was developed to generate OpenAPI specification of a target RESTful service by processing its traffic. Previously, the traffic fed into the formatter tool was manually generated by interacting with the target service by a real user. In this project, we use Selenium, an automated web testing framework to generate such traffic in a reliable and efficient way. Meanwhile, we offer a significant improvement to the current formatter by supporting path parameter identification. Lastly, we evaluate the quality between manually written OpenAPI specification by examining the source code, and the quality of generated specification by processing its traffic. Bachelor of Engineering (Computer Science) 2022-04-21T08:09:33Z 2022-04-21T08:09:33Z 2022 Final Year Project (FYP) Duan, Y. (2022). Realistic traffic generation for efficient web application fuzzing. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156640 https://hdl.handle.net/10356/156640 en SCSE21-0225 application/pdf Nanyang Technological University |
institution | Nanyang Technological University |
building | NTU Library |
continent | Asia |
country | Singapore Singapore |
content_provider | NTU Library |
collection | DR-NTU |
language | English |
topic | Engineering::Computer science and engineering::Software::Software engineering |
spellingShingle | Engineering::Computer science and engineering::Software::Software engineering Duan, Yiting Realistic traffic generation for efficient web application fuzzing |
description | Black-box API testing is a common way to locate reliability and security bugs in closed-source RESTful services. Such testing technique relies heavily on the OpenAPI specification of the RESTful services, which are often not provided. Therefore, a prototype tool was developed to generate OpenAPI specification of a target RESTful service by processing its traffic. Previously, the traffic fed into the formatter tool was manually generated by interacting with the target service by a real user. In this project, we use Selenium, an automated web testing framework to generate such traffic in a reliable and efficient way. Meanwhile, we offer a significant improvement to the current formatter by supporting path parameter identification. Lastly, we evaluate the quality between manually written OpenAPI specification by examining the source code, and the quality of generated specification by processing its traffic. |
author2 | Liu Yang |
author_facet | Liu Yang Duan, Yiting |
format | Final Year Project |
author | Duan, Yiting |
author_sort | Duan, Yiting |
title | Realistic traffic generation for efficient web application fuzzing |
title_short | Realistic traffic generation for efficient web application fuzzing |
title_full | Realistic traffic generation for efficient web application fuzzing |
title_fullStr | Realistic traffic generation for efficient web application fuzzing |
title_full_unstemmed | Realistic traffic generation for efficient web application fuzzing |
title_sort | realistic traffic generation for efficient web application fuzzing |
publisher | Nanyang Technological University |
publishDate | 2022 |
url | https://hdl.handle.net/10356/156640 |
_version_ | 1731235725227065344 |