With many businesses depending on communications between digital services, well-specified application programming interfaces (APIs) are used to facilitate this. However, as these APIs form a point of entry to critical applications, they are an attractive target for malicious actors. Therefore, thorough testing of these APIs is desired. With the growing number of APIs available for applications with increasing complexity, this is a challenge calling for automation.
In this workshop, TNO presents WuppieFuzz, an open-source tool that can test applications exposing a REST API by using fuzz testing techniques. Fuzz testing, or fuzzing, allows for automated testing by generating seemingly random inputs to reach far in the program under test. Further, for the generation for even smarter inputs, it allows for the use of coverage feedback for applications written in Java, JavaScript and Python, while extensions for other languages are possible. The workshop leaders will share experiences using fuzzers in real-life use cases and let the participants try the tool themselves. This will give insight in how this type of tooling can be used for a secure software development cycle, supply chain quality control or penetration testing, in order to provide more secure digital services.
