The microservice software architecture is more scalable and efficient than its monolithic predecessor. Despite its increasing adoption, microservices might expose security concerns and issues that are distinct from those associated with monolithic designs. We propose Microusity, a tool that performs RESTful API testing on a specific type of microservice pattern called back end for front end (BFF). We design a novel approach to trace BFF requests using the port mapping between requests to BFF and the sub-requests sent to back-end microservices. Furthermore, our tool can pinpoint which of the back end service causing the internal server error, which may lead to unhandled errors or vulnerabilities. Microusity provides an error report and a graph visualization that reveal the source of the error and supports developers in comprehension and debugging of the errors. The evaluation of eight software practitioners shows that Microusity and its security test reports are useful for investigating and understanding problems in BFF systems. The prototype tool and the video demo of the tool can be found at https://github.com/MUICT-SERU/MICROUSITY.
翻译:微服务软件架构比其单体前身更具可扩展性和高效性。尽管其应用日益广泛,但微服务可能暴露出与单体设计不同的安全问题和隐患。我们提出Microsity,这是一种对特定微服务模式(即前端后端,BFF)执行RESTful API测试的工具。我们设计了一种新颖的方法,通过BFF请求与发送到后端微服务的子请求之间的端口映射来追踪BFF请求。此外,我们的工具可以精确定位导致内部服务器错误的后端服务,这些错误可能引发未处理的异常或漏洞。Microsity提供错误报告和图形可视化,揭示错误根源,支持开发人员理解和调试错误。对八位软件从业者的评估表明,Microsity及其安全测试报告有助于调查和理解BFF系统中的问题。该工具原型及其演示视频可在https://github.com/MUICT-SERU/MICROUSITY获取。