Conference ProceedingsOPEN ACCESS

Zero-Config Fuzzing for Microservices

Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023 (2023) 1840-1845
DOI: 10.1109/ASE56229.2023.00036
8Citations
Citations of this article
11Readers
Mendeley users who have this article in their library.

This article is free to access.

Abstract

The microservice paradigm is a popular software development pattern that breaks down a large application into smaller, independent services. While this approach offers several advantages, such as scalability, agility, and flexibility, it also introduces new security challenges. This paper presents a novel approach to securing microservice architectures using fuzz testing. Fuzz testing is known to find programming errors in software by feeding it with unexpected or random inputs. In this paper, we propose a zero-config fuzz test generation technique for microservices that can maximize coverage of internal states by mutating both the incoming requests and the backend responses from dependent services. We successfully deployed our technique to over 95 % of C++ services built on Google's internal microservice platform. It reported and got fixed thousands of errors in real-world microservice applications.

Author supplied keywords

Cite

CITATION STYLE

APA

Wang, W., Benea, A., & Ivančić, F. (2023). Zero-Config Fuzzing for Microservices. In Proceedings - 2023 38th IEEE/ACM International Conference on Automated Software Engineering, ASE 2023 (pp. 1840–1845). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ASE56229.2023.00036

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free