Fuzzing-whether generating or mutating inputs-has found many bugs and security vulnerabilities in a wide range of domains. Stateful and highly structured web APIs present significant challenges to traditional fuzzing techniques, as execution feedback is usually limited to a response code instead of code coverage and vulnerabilities of interest include silent information-disclosure in addition to explicit errors.Our tool, Schemathesis, derives structure-and semantics-aware fuzzers from web API schemas in the OpenAPI or GraphQL formats, using property-based testing tools [23]. Derived fuzzers can be incorporated into unit-test suites or run directly, with or without end-user customisation of data generation and semantic checks.We construct the most comprehensive evaluation of web API fuzzers to date, running eight fuzzers against sixteen real-world open source web services. OpenAPI schemas found in the wild have a long tail of rare features and complex structures. Of the tools we evaluated, Schemathesis was the only one to handle more than two-thirds of our target services without a fatal internal error. Schemathesis finds 1.4× to 4.5× more unique defects than the respectively second-best fuzzer for each target, and is the only fuzzer to find defects in four targets.1 https://hypothesis.works/articles/what-is-property-based-testing/ 2 Most PBT libraries call their description of possible values "generators". Because generators are a builtin type in Python, Hypothesis instead names them "strategies".
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.