ASE 2023
Mon 11 - Fri 15 September 2023 Kirchberg, Luxembourg
Tue 12 Sep 2023 15:30 - 15:42 at Room D - Web Development 1 Chair(s): Ben Hermann

Modern web services increasingly rely on REST APIs. Effectively testing these APIs is challenging due to the vast search space to be explored, which involves selecting API operations for sequence creation, choosing parameters for each operation from a potentially large set of parameters, and sampling values from the virtually infinite parameter input space. Current testing tools lack efficient exploration mechanisms, treating all operations and parameters equally (i.e., not considering their importance or complexity) and lacking prioritization strategies. Furthermore, these tools struggle when response schemas are absent in the specification or exhibit variants. To address these limitations, we present an adaptive REST API testing technique that incorporates reinforcement learning to prioritize operations and parameters during exploration. Our approach dynamically analyzes request and response data to inform dependent parameters and adopts a sampling-based strategy for efficient processing of dynamic API feedback. We evaluated our technique on ten RESTful services, comparing it against state-of-the-art REST testing tools with respect to code coverage achieved, requests generated, operations covered, and service failures triggered. Additionally, we performed an ablation study on prioritization, dynamic feedback analysis, and sampling to assess their individual effects. Our findings demonstrate that our approach outperforms existing REST API testing tools in terms of effectiveness, efficiency, and fault-finding ability.

Presentation Slides: ARAT-RL (ASE 2023).pdf (1.69 MiB)

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

15:30 - 17:00
15:30
12m
Talk
Adaptive REST API Testing with Reinforcement Learning
Research Papers
Myeongsoo Kim Georgia Institute of Technology, Saurabh Sinha IBM Research, Alessandro Orso Georgia Institute of Technology
Pre-print File Attached
15:42
12m
Talk
Zero-Config Fuzzing for Microservices
Industry Showcase (Papers)
Wei Wang Google, Inc., Andrei Benea Google, Franjo Ivančić Google
Pre-print File Attached
15:54
12m
Talk
Automatic Extraction of Security-Rich Dataflow Diagrams for Microservice Applications written in Java
Journal-first Papers
Simon Schneider Hamburg University of Technology, Riccardo Scandariato Hamburg University of Technology
16:06
12m
Talk
Increasing the Responsiveness of Web Applications by Introducing Lazy Loading
Research Papers
Alexi Turcotte Northeastern University, Satyajit Gokhale Northeastern University, Frank Tip Northeastern University
16:18
12m
Talk
SLocator: Localizing the Origin of SQL Queries in Database-Backed Web Applications (Recorded talk)
Journal-first Papers
Wei Liu Concordia University, Montreal, Canada, Tse-Hsun (Peter) Chen Concordia University
Media Attached
16:30
12m
Talk
Let's Chat to Find the APIs: Connecting Human, LLM and Knowledge Graph through AI Chain (Recorded talk)
Research Papers
Qing Huang School of Computer Information Engineering, Jiangxi Normal University, Zhenyu Wan Jiangxi Normal University, Zhenchang Xing, Changjing Wang Jiangxi Normal University, Jieshan Chen CSIRO's Data61, Xiwei (Sherry) Xu CSIRO's Data61, Qinghua Lu CSIRO's Data61
Media Attached