The focus of this paper is on automating the security testing of RESTful APIs. The testing stage of this kind of component is often performed manually and is still considered a long and difficult activity. This paper proposes an automated approach to help developers generate test cases for exercising each service in isolation. The approach is based on the notion of test case mutation, which automatically generates new test cases from an original test case set. Test case mutation operators perform slight modifications to a test case to mimic possible failures or to exercise the component under test with new interactions. In this paper, we examine test case mutation operators for RESTful APIs and define 17 operators specialised in security testing. Then, we present our test case mutation algorithm. We evaluate its effectiveness and performance on four web service compositions.
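To make the notion of test case mutation concrete, the following added example (illustration written for this page, not code from the paper and not any of its 17 operators) shows four hypothetical mutation operators applied to one original, passing test case for a REST endpoint. Each operator derives a new test case and adjusts its oracle (the set of acceptable HTTP status codes), so the mutants can be run against the component without hand-writing them. The test case shape, the operator set and the in-memory toy service standing in for the component under test are all assumptions; the toy service is constructed to validate its input but to omit the credential check, which the no-authorization mutant then reveals.

```python
"""Added illustration of test-case mutation for a REST endpoint.

Hypothetical operators (not the paper's); the test case layout, the
oracle rules and the toy service are assumptions made for this example.
"""
import copy

# Constructed original test case: an authenticated, well-formed update
# that the component under test is expected to accept with 200.
ORIGINAL = {
    "name": "update_item_ok",
    "method": "PUT",
    "path": "/items/42",
    "headers": {
        "Authorization": "Bearer constructed-token",   # constructed value
        "Content-Type": "application/json",
    },
    "body": {"name": "widget", "quantity": 3},
    "expected_status": {200},
}


def drop_auth_header(tc):
    """Operator: remove the credential; a correct service must refuse."""
    m = copy.deepcopy(tc)                     # never alter the original
    m["headers"].pop("Authorization", None)
    m["name"] += "__no_auth"
    m["expected_status"] = {401, 403}
    return m


def switch_method(tc, new_method="DELETE"):
    """Operator: replay the request with another verb on the same resource."""
    m = copy.deepcopy(tc)
    m["method"] = new_method
    m["name"] += f"__method_{new_method}"
    m["expected_status"] = {403, 404, 405}    # anything but a silent success
    return m


def oversize_field(tc, field="name", size=10_000):
    """Operator: inflate one body field far beyond its expected length."""
    m = copy.deepcopy(tc)
    m["body"][field] = "A" * size
    m["name"] += f"__oversize_{field}"
    m["expected_status"] = {400, 413, 422}
    return m


def negative_quantity(tc, field="quantity"):
    """Operator: replace a numeric field with an out-of-domain value."""
    m = copy.deepcopy(tc)
    m["body"][field] = -1
    m["name"] += f"__negative_{field}"
    m["expected_status"] = {400, 422}
    return m


OPERATORS = [drop_auth_header, switch_method, oversize_field, negative_quantity]


def mutate(tc, operators=OPERATORS):
    """Generate one mutant per operator from a single original test case."""
    return [op(tc) for op in operators]


def toy_service(request):
    """Constructed stand-in for the component under test (returns a status).

    It validates the body but forgets to check Authorization on PUT,
    the kind of defect the mutated test cases are meant to surface.
    """
    if request["method"] not in ("GET", "PUT"):
        return 405
    if request["method"] == "PUT":
        body = request["body"]
        if not isinstance(body.get("name"), str) or len(body["name"]) > 256:
            return 400
        if not isinstance(body.get("quantity"), int) or body["quantity"] < 0:
            return 400
        return 200  # missing credential check: accepted without Authorization
    return 200


def run_suite(cases, service=toy_service):
    """Run every case and map its name to a pass/fail verdict."""
    verdicts = {}
    for tc in cases:
        status = service(tc)
        verdicts[tc["name"]] = "pass" if status in tc["expected_status"] else "fail"
    return verdicts


if __name__ == "__main__":
    for name, verdict in run_suite([ORIGINAL] + mutate(ORIGINAL)).items():
        print(f"{verdict:4}  {name}")
```

The original case passes, as do the method, oversize and negative-value mutants, because the toy service rejects them; the no-authorization mutant fails, flagging the missing credential check. Each mutant carries its own oracle, which is what lets generated cases be judged automatically rather than by inspection.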