Tao Zheng¹, Rui Tang^1,2,3, Xingshu Chen^1,2,3,*, Changxiang Shen¹

CMC-Computers, Materials & Continua, Vol.81, No.1, pp. 1595-1612, 2024, DOI:10.32604/cmc.2024.055180 - 15 October 2024

Abstract RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by More >

Ziqi Wang^*, Weihan Tian, Baojiang Cui

CMC-Computers, Materials & Continua, Vol.78, No.2, pp. 1797-1820, 2024, DOI:10.32604/cmc.2023.047051 - 27 February 2024

Abstract The API used to access cloud services typically follows the Representational State Transfer (REST) architecture style. RESTful architecture, as a commonly used Application Programming Interface (API) architecture paradigm, not only brings convenience to platforms and tenants, but also brings logical security challenges. Security issues such as quota bypass and privilege escalation are closely related to the design and implementation of API logic. Traditional code level testing methods are difficult to construct a testing model for API logic and test samples for in-depth testing of API logic, making it difficult to detect such logical vulnerabilities. We… More >

Wang Hui¹, Sun Guang-Yu^2,5, Zhang Qin-Yan², Liu Kai-Min³, Xi Meng³, Zhang Yuan-Yuan⁴

Intelligent Automation & Soft Computing, Vol.25, No.3, pp. 573-583, 2019, DOI:10.31209/2019.100000112

Abstract With the current explosion of mobile applications and smart devices, more organizations are beginning to expose Web APIs, which makes APIs more widely used. How can these APIs be managed and utilized safely and effectively for businesses? It is not easy to say. Today's Web services mainly include traditional structured WSDL and unstructured RESTful. A RESTful architecture can effectively constrain and help to achieve a simpler, lighter, and more scalable system. How to uniformly organize and merge RESTful APIs is also a problem to be solved. To solve the above problems, this article has designed More >