Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs
- Autores
- Arcuri, Andrea; Zhang, Man; Seran, Susruthan; Galeotti, Juan Pablo; Golmohammadi, Amid; Duman, Onur; Aldasoro, Agustina; Ghianni, Hernan
- Año de publicación
- 2024
- Idioma
- inglés
- Tipo de recurso
- artículo
- Estado
- versión publicada
- Descripción
- In this paper, we present the latest version 3.0.0 of EVOMASTER, an open-source search-based fuzzer aimed at Web APIs. We discuss and present all its recent improvements, including advanced white-box heuristics, advanced search algorithms, support for databases and external services, as well as dealing with GraphQL and RPC APIs besides the original use case for REST APIs. The tool’s installers have been downloaded more than 3000 times. EVOMASTER is in daily use for fuzzing millions of lines of code in hundreds of APIs in large Fortune 500 companies, such as for example the e-commerce Meituan.
Fil: Arcuri, Andrea. Kristiania University College; Noruega. Oslo Metropolitan University; Noruega
Fil: Zhang, Man. Beihang University; China
Fil: Seran, Susruthan. Kristiania University College; Noruega
Fil: Galeotti, Juan Pablo. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Investigación en Ciencias de la Computación. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Instituto de Investigación en Ciencias de la Computación; Argentina. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina. Kristiania University College; Noruega
Fil: Golmohammadi, Amid. Kristiania University College; Noruega
Fil: Duman, Onur. Kristiania University College; Noruega
Fil: Aldasoro, Agustina. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina
Fil: Ghianni, Hernan. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina - Materia
-
Fuzzing
SBST
Web API
Tool - Nivel de accesibilidad
- acceso abierto
- Condiciones de uso
- https://creativecommons.org/licenses/by/2.5/ar/
- Repositorio
.jpg)
- Institución
- Consejo Nacional de Investigaciones Científicas y Técnicas
- OAI Identificador
- oai:ri.conicet.gov.ar:11336/261492
Ver los metadatos del registro completo
| id |
CONICETDig_16609001ebdcfc16f999223ca6b382f8 |
|---|---|
| oai_identifier_str |
oai:ri.conicet.gov.ar:11336/261492 |
| network_acronym_str |
CONICETDig |
| repository_id_str |
3498 |
| network_name_str |
CONICET Digital (CONICET) |
| spelling |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIsArcuri, AndreaZhang, ManSeran, SusruthanGaleotti, Juan PabloGolmohammadi, AmidDuman, OnurAldasoro, AgustinaGhianni, HernanFuzzingSBSTWeb APIToolhttps://purl.org/becyt/ford/2.2https://purl.org/becyt/ford/2In this paper, we present the latest version 3.0.0 of EVOMASTER, an open-source search-based fuzzer aimed at Web APIs. We discuss and present all its recent improvements, including advanced white-box heuristics, advanced search algorithms, support for databases and external services, as well as dealing with GraphQL and RPC APIs besides the original use case for REST APIs. The tool’s installers have been downloaded more than 3000 times. EVOMASTER is in daily use for fuzzing millions of lines of code in hundreds of APIs in large Fortune 500 companies, such as for example the e-commerce Meituan.Fil: Arcuri, Andrea. Kristiania University College; Noruega. Oslo Metropolitan University; NoruegaFil: Zhang, Man. Beihang University; ChinaFil: Seran, Susruthan. Kristiania University College; NoruegaFil: Galeotti, Juan Pablo. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Investigación en Ciencias de la Computación. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Instituto de Investigación en Ciencias de la Computación; Argentina. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina. Kristiania University College; NoruegaFil: Golmohammadi, Amid. Kristiania University College; NoruegaFil: Duman, Onur. Kristiania University College; NoruegaFil: Aldasoro, Agustina. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; ArgentinaFil: Ghianni, Hernan. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; ArgentinaSpringer2024-11info:eu-repo/semantics/articleinfo:eu-repo/semantics/publishedVersionhttp://purl.org/coar/resource_type/c_6501info:ar-repo/semantics/articuloapplication/pdfapplication/pdfhttp://hdl.handle.net/11336/261492Arcuri, Andrea; Zhang, Man; Seran, Susruthan; Galeotti, Juan Pablo; Golmohammadi, Amid; et al.; Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs; Springer; Automated Software Engineering; 32; 1; 11-2024; 1-110928-8910CONICET DigitalCONICETenginfo:eu-repo/semantics/altIdentifier/url/https://link.springer.com/10.1007/s10515-024-00478-1info:eu-repo/semantics/altIdentifier/doi/10.1007/s10515-024-00478-1info:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by/2.5/ar/reponame:CONICET Digital (CONICET)instname:Consejo Nacional de Investigaciones Científicas y Técnicas2025-09-17T11:28:02Zoai:ri.conicet.gov.ar:11336/261492instacron:CONICETInstitucionalhttp://ri.conicet.gov.ar/Organismo científico-tecnológicoNo correspondehttp://ri.conicet.gov.ar/oai/requestdasensio@conicet.gov.ar; lcarlino@conicet.gov.arArgentinaNo correspondeNo correspondeNo correspondeopendoar:34982025-09-17 11:28:03.206CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicasfalse |
| dc.title.none.fl_str_mv |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| title |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| spellingShingle |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs Arcuri, Andrea Fuzzing SBST Web API Tool |
| title_short |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| title_full |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| title_fullStr |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| title_full_unstemmed |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| title_sort |
Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs |
| dc.creator.none.fl_str_mv |
Arcuri, Andrea Zhang, Man Seran, Susruthan Galeotti, Juan Pablo Golmohammadi, Amid Duman, Onur Aldasoro, Agustina Ghianni, Hernan |
| author |
Arcuri, Andrea |
| author_facet |
Arcuri, Andrea Zhang, Man Seran, Susruthan Galeotti, Juan Pablo Golmohammadi, Amid Duman, Onur Aldasoro, Agustina Ghianni, Hernan |
| author_role |
author |
| author2 |
Zhang, Man Seran, Susruthan Galeotti, Juan Pablo Golmohammadi, Amid Duman, Onur Aldasoro, Agustina Ghianni, Hernan |
| author2_role |
author author author author author author author |
| dc.subject.none.fl_str_mv |
Fuzzing SBST Web API Tool |
| topic |
Fuzzing SBST Web API Tool |
| purl_subject.fl_str_mv |
https://purl.org/becyt/ford/2.2 https://purl.org/becyt/ford/2 |
| dc.description.none.fl_txt_mv |
In this paper, we present the latest version 3.0.0 of EVOMASTER, an open-source search-based fuzzer aimed at Web APIs. We discuss and present all its recent improvements, including advanced white-box heuristics, advanced search algorithms, support for databases and external services, as well as dealing with GraphQL and RPC APIs besides the original use case for REST APIs. The tool’s installers have been downloaded more than 3000 times. EVOMASTER is in daily use for fuzzing millions of lines of code in hundreds of APIs in large Fortune 500 companies, such as for example the e-commerce Meituan. Fil: Arcuri, Andrea. Kristiania University College; Noruega. Oslo Metropolitan University; Noruega Fil: Zhang, Man. Beihang University; China Fil: Seran, Susruthan. Kristiania University College; Noruega Fil: Galeotti, Juan Pablo. Consejo Nacional de Investigaciones Científicas y Técnicas. Oficina de Coordinación Administrativa Ciudad Universitaria. Instituto de Investigación en Ciencias de la Computación. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Instituto de Investigación en Ciencias de la Computación; Argentina. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina. Kristiania University College; Noruega Fil: Golmohammadi, Amid. Kristiania University College; Noruega Fil: Duman, Onur. Kristiania University College; Noruega Fil: Aldasoro, Agustina. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina Fil: Ghianni, Hernan. Universidad de Buenos Aires. Facultad de Ciencias Exactas y Naturales. Departamento de Computación; Argentina |
| description |
In this paper, we present the latest version 3.0.0 of EVOMASTER, an open-source search-based fuzzer aimed at Web APIs. We discuss and present all its recent improvements, including advanced white-box heuristics, advanced search algorithms, support for databases and external services, as well as dealing with GraphQL and RPC APIs besides the original use case for REST APIs. The tool’s installers have been downloaded more than 3000 times. EVOMASTER is in daily use for fuzzing millions of lines of code in hundreds of APIs in large Fortune 500 companies, such as for example the e-commerce Meituan. |
| publishDate |
2024 |
| dc.date.none.fl_str_mv |
2024-11 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion http://purl.org/coar/resource_type/c_6501 info:ar-repo/semantics/articulo |
| format |
article |
| status_str |
publishedVersion |
| dc.identifier.none.fl_str_mv |
http://hdl.handle.net/11336/261492 Arcuri, Andrea; Zhang, Man; Seran, Susruthan; Galeotti, Juan Pablo; Golmohammadi, Amid; et al.; Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs; Springer; Automated Software Engineering; 32; 1; 11-2024; 1-11 0928-8910 CONICET Digital CONICET |
| url |
http://hdl.handle.net/11336/261492 |
| identifier_str_mv |
Arcuri, Andrea; Zhang, Man; Seran, Susruthan; Galeotti, Juan Pablo; Golmohammadi, Amid; et al.; Tool report: EvoMaster—black and white box search-based fuzzing for REST, GraphQL and RPC APIs; Springer; Automated Software Engineering; 32; 1; 11-2024; 1-11 0928-8910 CONICET Digital CONICET |
| dc.language.none.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/url/https://link.springer.com/10.1007/s10515-024-00478-1 info:eu-repo/semantics/altIdentifier/doi/10.1007/s10515-024-00478-1 |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by/2.5/ar/ |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
https://creativecommons.org/licenses/by/2.5/ar/ |
| dc.format.none.fl_str_mv |
application/pdf application/pdf |
| dc.publisher.none.fl_str_mv |
Springer |
| publisher.none.fl_str_mv |
Springer |
| dc.source.none.fl_str_mv |
reponame:CONICET Digital (CONICET) instname:Consejo Nacional de Investigaciones Científicas y Técnicas |
| reponame_str |
CONICET Digital (CONICET) |
| collection |
CONICET Digital (CONICET) |
| instname_str |
Consejo Nacional de Investigaciones Científicas y Técnicas |
| repository.name.fl_str_mv |
CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicas |
| repository.mail.fl_str_mv |
dasensio@conicet.gov.ar; lcarlino@conicet.gov.ar |
| _version_ |
1843606635923111936 |
| score |
13.001348 |