A Black Box Tool for Robustness Testing of REST Services

Bibliographic details
Main author: Laranjeiro, Nuno
Publication date: 2021
Other authors: Agnelo, João, Bernardino, Jorge
Document type: Article
Language: eng
Source title: Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)
Full text: http://hdl.handle.net/10316/100830
https://doi.org/10.1109/ACCESS.2021.3056505
Abstract: REST services are nowadays being used to support many businesses, with most major companies exposing their services via REST interfaces (e.g., Google, Amazon, Instagram, and Slack). In this type of scenarios, heterogeneity is prevalent and software is sometimes exposed to unexpected conditions that may activate residual bugs, leading service operations to fail. Such failures may lead to financial or reputation losses (e.g., information disclosure). Although techniques and tools for assessing robustness have been thoroughly studied and applied to a large diversity of domains, REST services still lack practical approaches that specialize in robustness evaluation. In this paper, we present a tool (named bBOXRT) for performing robustness tests over REST services, solely based on minimal information expressed in their interface descriptions. We used bBOXRT to evaluate an heterogeneous set of 52 REST services that comprise 1,351 operations and fit in distinct categories (e.g., public, private, in-house). We were able to disclose several different types of robustness problems, including issues in services with strong reliability requirements and also a few security vulnerabilities. The results show that REST services are being deployed preserving software defects that harm service integration, and also carrying security vulnerabilities that can be exploited by malicious users.
Keywords: REST, RESTful, web API, web services, robustness testing
Status: published version (info:eu-repo/semantics/publishedVersion)
Rights: open access (info:eu-repo/semantics/openAccess)
dc.relation: 2169-3536
OAI identifier: oai:estudogeral.uc.pt:10316/100830
Record id: RCAP_0dbe0e167b3e5390b39fdee1d44b08a2
Repository id: 7160
Institution: Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação (RCAAP)