restler-fuzzer

restler-fuzzer

Project Description

RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. For a given cloud service with an OpenAPI/Swagger specification, RESTler analyzes its entire specification, and then generates and executes tests that exercise the service through its REST API.

RESTler intelligently infers producer-consumer dependencies among request types from the Swagger specification. During testing, it checks for specific classes of bugs and dynamically learns how the service behaves from prior service responses. This intelligence allows RESTler to explore deeper service states reachable only through specific request sequences and to find more bugs.

RESTler is described in these peer-reviewed research papers:

  1. RESTler: Stateful REST API Fuzzing (ICSE'2019)
  2. Checking Security Properties of Cloud Service REST APIs (ICST'2020)
  3. Differential Regression Testing for REST APIs (ISSTA'2020)
  4. Intelligent REST API Data Fuzzing (FSE'2020)

If you use RESTler in your research, please cite the (default) ICSE'2019 paper (BibTeX).

RESTler was created at Microsoft Research and is still under active development.

For an overview and demo on how to get started, see Webinar - Fuzzing to Improve the Security and Reliability of Cloud Services.

Links

Download source code as [.zip file] [.tar.gz file]
Documentation: [README]