Pan et al., 2024 - Google Patents
EDEFuzz: A Web API Fuzzer for Excessive Data ExposuresPan et al., 2024
- Document ID
- 10507329232359537492
- Author
- Pan L
- Cohney S
- Murray T
- Pham V
- Publication year
- Publication venue
- Proceedings of the 46th IEEE/ACM International Conference on Software Engineering
External Links
Snippet
APIs often transmit far more data to client applications than they need, and in the context of web applications, often do so over public channels. This issue, termed Excessive Data Exposure (EDE), was OWASP's third most significant API vulnerability of 2019. However …
- 239000008186 active pharmaceutical agent 0 abstract description 107
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3604—Software analysis for verifying properties of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/362—Software debugging
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/30—Monitoring
- G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
- G06F11/3409—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
- G06F11/3414—Workload generation, e.g. scripts, playback
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2201/00—Indexing scheme relating to error detection, to error correction, and to monitoring
- G06F2201/875—Monitoring of systems including the internet
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/50—Computer-aided design
- G06F17/5009—Computer-aided design using simulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce, e.g. shopping or e-commerce
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06Q—DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Fonseca et al. | Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks | |
| Artzi et al. | Fault localization for dynamic web applications | |
| Tonella et al. | Recent advances in web testing | |
| Jernberg et al. | Getting Started with Chaos Engineering-design of an implementation framework in practice | |
| Hoffman et al. | Grammar‐based test generation with YouGen | |
| Alkhalaf et al. | Viewpoints: differential string analysis for discovering client-and server-side input validation inconsistencies | |
| Zhou et al. | JDAMA: Java database application mutation analyser | |
| Hassan et al. | As code testing: Characterizing test quality in open source ansible development | |
| CN114491560A (en) | Vulnerability detection method and device, storage medium and electronic equipment | |
| Durieux et al. | Fully automated HTML and Javascript rewriting for constructing a self‐healing web proxy | |
| Pan et al. | EDEFuzz: A Web API Fuzzer for Excessive Data Exposures | |
| Kulczynski et al. | ZaligVinder: A generic test framework for string solvers | |
| Belhadi et al. | Random testing and evolutionary testing for fuzzing graphql apis | |
| Jiang et al. | Assuring the model evolution of protocol software specifications by regression testing process improvement | |
| Kim et al. | Finding client-side business flow tampering vulnerabilities | |
| Velasco-Elizondo et al. | Towards detecting MVC architectural smells | |
| Pan et al. | Detecting excessive data exposures in web server responses with metamorphic fuzzing | |
| Briem et al. | Offside: Learning to identify mistakes in boundary conditions | |
| Siavashi et al. | Testing web services with model-based mutation | |
| Belhadi et al. | White-box and black-box fuzzing for GraphQL APIs | |
| Borg et al. | Analyzing networks of issue reports | |
| Soto-Sánchez et al. | A dataset of regressions in web applications detected by end-to-end tests | |
| Romansky et al. | Sourcerer's Apprentice and the study of code snippet migration | |
| CN114003916A (en) | Method, system, terminal and storage medium for testing WEB role longitudinal override vulnerability | |
| Sampath et al. | Advances in Web application testing, 2010–2014 |