Submit

Login Login

Register Register

Home/ Journals/ CMC/ Vol.86, No.3, 2026/ 10.32604/cmc.2025.071511

Table of Content

Open Access iconOpen Access

ARTICLE

A REST API Fuzz Testing Framework Based on GUI Interaction and Specification Completion

Zonglin Li1,#, Xu Zhao2,#, Yan Cao2,*, Yazhe Li3, Yihong Zhang1

1 School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou, 450002, China
2 Key Laboratory of Cyberspace Security, Ministry of Education, Information Engineering University, Zhengzhou, 450001, China
3 School of Business and Commerce, Zhengzhou Business Technicians Institude, Zhengzhou, 450100, China

* Corresponding Author: Yan Cao. Email: email
# These authors contributed equally to this work

Computers, Materials & Continua 2026, 86(3), 95 https://doi.org/10.32604/cmc.2025.071511

Received 06 August 2025; Accepted 10 November 2025; Issue published 12 January 2026

Abstract

With the rapid development of Internet technology, REST APIs (Representational State Transfer Application Programming Interfaces) have become the primary communication standard in modern microservice architectures, raising increasing concerns about their security. Existing fuzz testing methods include random or dictionary-based input generation, which often fail to ensure both syntactic and semantic correctness, and OpenAPI-based approaches, which offer better accuracy but typically lack detailed descriptions of endpoints, parameters, or data formats. To address these issues, this paper proposes the APIDocX fuzz testing framework. It introduces a crawler tailored for dynamic web pages that automatically simulates user interactions to trigger APIs, capturing and extracting parameter information from communication packets. A multi-endpoint parameter adaptation method based on improved Jaccard similarity is then used to generalize these parameters to other potential API endpoints, filling in gaps in OpenAPI specifications. Experimental results demonstrate that the extracted parameters can be generalized with 79.61% accuracy. Fuzz testing using the enriched OpenAPI documents leads to improvements in test coverage, the number of valid test cases generated, and fault detection capabilities. This approach offers an effective enhancement to automated REST API security testing.

Keywords

REST APIs; fuzz testing; OpenAPI specifications

Cite This Article

APA Style
Li, Z., Zhao, X., Cao, Y., Li, Y., Zhang, Y. (2026). A REST API Fuzz Testing Framework Based on GUI Interaction and Specification Completion. Computers, Materials & Continua, 86(3), 95. https://doi.org/10.32604/cmc.2025.071511
Vancouver Style
Li Z, Zhao X, Cao Y, Li Y, Zhang Y. A REST API Fuzz Testing Framework Based on GUI Interaction and Specification Completion. Comput Mater Contin. 2026;86(3):95. https://doi.org/10.32604/cmc.2025.071511
IEEE Style
Z. Li, X. Zhao, Y. Cao, Y. Li, and Y. Zhang, “A REST API Fuzz Testing Framework Based on GUI Interaction and Specification Completion,” Comput. Mater. Contin., vol. 86, no. 3, pp. 95, 2026. https://doi.org/10.32604/cmc.2025.071511
BibTex EndNote RIS



cc Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

  • 198

    View

  • 38

    Download

  • 0

    Like

Related articles

Copyright© 2026 Tech Science Press
© 1997-2026 TSP (Henderson, USA) unless otherwise stated

Share Link