2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST) 2020
DOI: 10.1109/icst46399.2020.00046

Checking Security Properties of Cloud Service REST APIs

Cited by 43 publications
(27 citation statements)
References 7 publications
“…
• 200 OK responses must have a non-empty body [4]
• GET fails after unsuccessful POST (resource-leak rule) [4]
In addition to input structure, API schemas document the expected content and structure of API responses and the relationship between endpoints. OpenAPI schemas extend HTTP semantics to include further schema-specific testable properties, including:…”
Section: Standards Imply Semantic Properties (mentioning)
confidence: 99%
“…
• Response has undeclared status code
• Non-conforming requests are rejected (negative testing) [30]
• No information leaks from unauthorised requests [4,20]
Information disclosure vulnerabilities such as insecure direct object references can be detected by making two sequences of requests.…”
Section: Standards Imply Semantic Properties (mentioning)
confidence: 99%
“…Automated testing of RESTful web APIs is an active research topic [5]-[10]. Most techniques in the domain follow a black-box approach, where the specification of the API under test (e.g., an OAS document) is used to drive the generation of test cases [6]-[8], [10]. Essentially, these approaches exercise the API using (pseudo) random test data.…”
Section: Introduction (mentioning)
confidence: 99%