Towards Security-Aware Microservices: On Extracting Endpoint Data Access Operations to Determine Access Rights

Abdelfattah, Amr S.; Schiewe, Micah; Curtis, Jacob; Černý, Tomáš; Song, Eun-Jee

doi:10.5220/0011707500003488

Cited by 2 publications

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Static and dynamic information each necessitate more specific extraction methods. Extracting static endpoints involves applying analysis techniques to the source code, which requires either customization for the specific programming language or the adoption of a polyglot technique capable of accommodating multiple programming languages in a more abstract manner, as demonstrated in [24,25]. Conversely, extracting dynamic endpoints requires analyzing traces and log information generated by specific systems such as Jaeger and SkyWalking.…”

Section: Test Coverage Methodologymentioning

confidence: 99%

Test Coverage in Microservice Systems: An Automated Approach to E2E and API Test Coverage Metrics

Abdelfattah,

Cerny,

Yero

et al. 2024

Electronics

Self Cite

View full text Add to dashboard Cite

Test coverage is a critical aspect of the software development process, aiming for overall confidence in the product. When considering cloud-native systems, testing becomes complex, as it becomes necessary to deal with multiple distributed microservices that are developed by different teams and may change quite rapidly. In such a dynamic environment, it is important to track test coverage. This is especially relevant for end-to-end (E2E) and API testing, as these might be developed by teams distinct from microservice developers. Moreover, indirection exists in E2E, where the testers may see the user interface but not know how comprehensive the test suits are. To ensure confidence in health checks in the system, mechanisms and instruments are needed to indicate the test coverage level. Unfortunately, there is a lack of such mechanisms for cloud-native systems. This manuscript introduces test coverage metrics for evaluating the extent of E2E and API test suite coverage for microservice endpoints. It elaborates on automating the calculation of these metrics with access to microservice codebases and system testing traces, delves into the process, and offers feedback with a visual perspective, emphasizing test coverage across microservices. To demonstrate the viability of the proposed approach, we implement a proof-of-concept tool and perform a case study on a well-established system benchmark assessing existing E2E and API test suites with regard to test coverage using the proposed endpoint metrics. The results of endpoint coverage reflect the diverse perspectives of both testing approaches. API testing achieved 91.98% coverage in the benchmark, whereas E2E testing achieved 45.42%. Combining both coverage results yielded a slight increase to approximately 92.36%, attributed to a few endpoints tested exclusively through one testing approach, not covered by the other.

show abstract

Section: Test Coverage Methodologymentioning

confidence: 99%