Zero-Config Fuzzing for Microservices (ASE 2023 - Industry Showcase (Papers))

Who

Wei Wang, Andrei Benea, Franjo Ivančić

Track

ASE 2023 Industry Showcase (Papers)

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 12 Sep 2023 15:42 - 15:54 at Room D - Web Development 1 Chair(s): Ben Hermann

Abstract

The microservice paradigm is a popular software development pattern that breaks down a large application into smaller, independent services. While this approach offers several advantages, such as scalability, agility, and flexibility, it also introduces new security challenges. This paper presents a novel approach to securing microservice architectures using fuzz testing. Fuzz testing is known to find security vulnerabilities in software by feeding it with unexpected or random inputs. In this paper, we propose a zero-config fuzz test generation technique for microservices that can maximize coverage of internal states by mutating the frontend requests and the backend responses from dependent services. We also present the results of our fuzz testing, which reported and got fixed thousands of security vulnerabilities in real-world microservice applications.

Link to Preprint

https://github.com/wwang0857/ase23/blob/main/ase23.pdf

File attachments

Pre-print (ase23.pdf)	176KiB
Slides (Slides.pdf)	1.95MiB

Wei Wang

Google, Inc.

China

Andrei Benea

Google

Franjo Ivančić