ASE 2023
Mon 11 - Fri 15 September 2023 Kirchberg, Luxembourg
Tue 12 Sep 2023 15:42 - 15:54 at Room D - Web Development 1 Chair(s): Ben Hermann

The microservice paradigm is a popular software development pattern that breaks down a large application into smaller, independent services. While this approach offers several advantages, such as scalability, agility, and flexibility, it also introduces new security challenges. This paper presents a novel approach to securing microservice architectures using fuzz testing. Fuzz testing is known to find security vulnerabilities in software by feeding it unexpected or random inputs. In this paper, we propose a zero-config fuzz test generation technique for microservices that maximizes coverage of internal states by mutating both the frontend requests and the backend responses from dependent services. We also present the results of our fuzz testing, which reported thousands of security vulnerabilities in real-world microservice applications, all of which were subsequently fixed.

Pre-print (ase23.pdf) 176 KiB
Slides (Slides.pdf) 1.95 MiB

Tue 12 Sep

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

15:30 - 17:00
15:30
12m
Talk
Adaptive REST API Testing with Reinforcement Learning
Research Papers
Myeongsoo Kim Georgia Institute of Technology, Saurabh Sinha IBM Research, Alessandro Orso Georgia Institute of Technology
Pre-print File Attached
15:42
12m
Talk
Zero-Config Fuzzing for Microservices
Industry Showcase (Papers)
Wei Wang Google, Inc., Andrei Benea Google, Franjo Ivančić Google
Pre-print File Attached
15:54
12m
Talk
Automatic Extraction of Security-Rich Dataflow Diagrams for Microservice Applications written in Java
Journal-first Papers
Simon Schneider Hamburg University of Technology, Riccardo Scandariato Hamburg University of Technology
16:06
12m
Talk
Increasing the Responsiveness of Web Applications by Introducing Lazy Loading
Research Papers
Alexi Turcotte Northeastern University, Satyajit Gokhale Northeastern University, Frank Tip Northeastern University
16:18
12m
Talk
SLocator: Localizing the Origin of SQL Queries in Database-Backed Web Applications (Recorded talk)
Journal-first Papers
Wei Liu Concordia University, Montreal, Canada, Tse-Hsun (Peter) Chen Concordia University
Media Attached
16:30
12m
Talk
Let's Chat to Find the APIs: Connecting Human, LLM and Knowledge Graph through AI Chain (Recorded talk)
Research Papers
Qing Huang School of Computer Information Engineering, Jiangxi Normal University, Zhenyu Wan Jiangxi Normal University, Zhenchang Xing, Changjing Wang Jiangxi Normal University, Jieshan Chen CSIRO's Data61, Xiwei (Sherry) Xu CSIRO's Data61, Qinghua Lu CSIRO's Data61
Media Attached