
Open Access

ARTICLE

A REST API Fuzz Testing Framework Based on GUI Interaction and Specification Completion

Zonglin Li1,#, Xu Zhao2,#, Yan Cao2,*, Yazhe Li3, Yihong Zhang1
1 School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou, 450002, China
2 Key Laboratory of Cyberspace Security, Ministry of Education, Information Engineering University, Zhengzhou, 450001, China
3 School of Business and Commerce, Zhengzhou Business Technicians Institute, Zhengzhou, 450100, China
* Corresponding Author: Yan Cao.
# These authors contributed equally to this work

Computers, Materials & Continua https://doi.org/10.32604/cmc.2025.071511

Received 06 August 2025; Accepted 10 November 2025; Published online 22 December 2025

Abstract

With the rapid development of Internet technology, REST APIs (Representational State Transfer Application Programming Interfaces) have become the primary communication standard in modern microservice architectures, raising increasing concerns about their security. Existing fuzz testing methods include random or dictionary-based input generation, which often fail to ensure both syntactic and semantic correctness, and OpenAPI-based approaches, which offer better accuracy but typically lack detailed descriptions of endpoints, parameters, or data formats. To address these issues, this paper proposes the APIDocX fuzz testing framework. It introduces a crawler tailored for dynamic web pages that automatically simulates user interactions to trigger APIs, capturing and extracting parameter information from communication packets. A multi-endpoint parameter adaptation method based on improved Jaccard similarity is then used to generalize these parameters to other potential API endpoints, filling in gaps in OpenAPI specifications. Experimental results demonstrate that the extracted parameters can be generalized with 79.61% accuracy. Fuzz testing using the enriched OpenAPI documents leads to improvements in test coverage, the number of valid test cases generated, and fault detection capabilities. This approach offers an effective enhancement to automated REST API security testing.

Keywords

REST APIs; fuzz testing; OpenAPI specifications