{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,7,1]],"date-time":"2026-07-01T03:35:39Z","timestamp":1782876939333,"version":"3.54.5"},"reference-count":103,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2025,2,5]],"date-time":"2025-02-05T00:00:00Z","timestamp":1738713600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2025,2,5]],"date-time":"2025-02-05T00:00:00Z","timestamp":1738713600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Beasiswa Pendidikan Indonesia"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,4]]},"abstract":"<jats:title>Abstract<\/jats:title>\n          <jats:p>There are around 5.3 billion Internet users, amounting to 65.7% of the global population, and web technology is the backbone of the services delivered via the Internet. To ensure web applications are free from security-related bugs, web developers test the server-side web applications before deploying them to production. The tests are commonly conducted through the interfaces (i.e., Web API) that the applications expose since they are the entry points to the application. Fuzzing is one of the most promising automated software testing techniques suitable for this task; however, the research on (server-side) web application fuzzing has been rather limited compared to binary fuzzing which is researched extensively. This study reviews the state-of-the-art fuzzing frameworks for testing web applications through web API, identifies open challenges, and gives potential future research. We collect papers from seven online repositories of peer-reviewed articles over the last ten years. Compared to other similar studies, our review focuses more deeply on revealing prior work strategies in generating valid HTTP requests for attack surface exploration, utilising security feedback from the Web Under Tests (WUTs), and expanding input spaces to uncover more security-related bugs. The findings of this survey indicate that several crucial challenges need to be solved, such as less effective web instrumentation and the complexity of handling microservice applications. Furthermore, some potential research directions are also provided, such as fuzzing for web client programming. Ultimately, this paper aims to give a good starting point for further research in web API fuzzer.<\/jats:p>","DOI":"10.1007\/s10207-024-00979-w","type":"journal-article","created":{"date-parts":[[2025,2,5]],"date-time":"2025-02-05T13:02:13Z","timestamp":1738760533000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Fuzzing frameworks for server-side web applications: a survey"],"prefix":"10.1007","volume":"24","author":[{"given":"I Putu Arya","family":"Dharmaadi","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Elias","family":"Athanasopoulos","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fatih","family":"Turkmen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2025,2,5]]},"reference":[{"key":"979_CR1","doi-asserted-by":"crossref","unstructured":"Alonso, Juan C.: Automated generation of realistic test inputs for web APIs. en. In: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Athens Greece: ACM, Aug. (2021). pp. 1666\u20131668. https:\/\/dl.acm.org\/doi\/10.1145\/3468264.3473491","DOI":"10.1145\/3468264.3473491"},{"key":"979_CR2","doi-asserted-by":"publisher","unstructured":"Alonso, Juan C. et al.: ARTE: automated generation of realistic test inputs for web APIs. In: IEEE Transactions on Software Engineering. Conference Name: IEEE Transactions on Software Engineering, pp. 348\u2013363. (2023). https:\/\/doi.org\/10.1109\/TSE.2022.3150618","DOI":"10.1109\/TSE.2022.3150618"},{"key":"979_CR3","doi-asserted-by":"publisher","unstructured":"Amankwah, Richard et al.: An empirical comparison of commercial and open-source web vulnerability scanners. en. In: Software: Practice and Experience. pp. 1842\u20131857. (2020). https:\/\/doi.org\/10.1002\/spe.2870. https:\/\/onlinelibrary.wiley.com\/doi\/abs\/10.1002\/spe.2870","DOI":"10.1002\/spe.2870"},{"key":"979_CR4","unstructured":"Zeller, Andreas et al.: The Fuzzing Book. (2023). https:\/\/www.fuzzingbook.org\/"},{"key":"979_CR5","doi-asserted-by":"publisher","unstructured":"Arcuri, A.: EvoMaster: Evolutionary Multi-context Automated System Test Generation\u2019. In: 2018 IEEE 11th International Conference on Software Testing, Verification and Validation (ICST). IEEE pp. 394\u2013397, (2018) https:\/\/doi.org\/10.1109\/ICST.2018.00046","DOI":"10.1109\/ICST.2018.00046"},{"key":"979_CR6","doi-asserted-by":"publisher","unstructured":"Arcuri, A.: RESTful API Automated Test Case Generation. In: 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS). IEEE pp. 9\u201320, (2017) https:\/\/doi.org\/10.1109\/QRS.2017.11(2017)","DOI":"10.1109\/QRS.2017.11"},{"key":"979_CR7","doi-asserted-by":"publisher","unstructured":"Arcuri, A.: RESTful API automated test case generation with EvoMaster. en. In: ACM Transactions on Software Engineering and Methodology, pp.1\u201337, (2019). https:\/\/doi.org\/10.1145\/3293455. https:\/\/dl.acm.org\/doi\/10.1145\/3293455","DOI":"10.1145\/3293455"},{"key":"979_CR8","doi-asserted-by":"publisher","unstructured":"Arcuri, A.: Test suite generation with the Many Independent Objective (MIO) algorithm. en. In: Information and Software Technology, (2018). https:\/\/doi.org\/10.1016\/j.infsof.2018.05.003. https:\/\/reader.elsevier.com\/reader\/sd\/pii\/S0950584917304822","DOI":"10.1016\/j.infsof.2018.05.003"},{"key":"979_CR9","doi-asserted-by":"publisher","unstructured":"Arcuri, A., Galeotti, JP.: enhancing search-based testing with testability transformations for existing APIs. en. ACM Transactions on Software Engineering and Methodology, pp. 1\u201334, (2022). https:\/\/doi.org\/10.1145\/3477271. https:\/\/dl.acm.org\/doi\/10.1145\/3477271","DOI":"10.1145\/3477271"},{"key":"979_CR10","doi-asserted-by":"publisher","unstructured":"Arcuri, A., et al.: EMB: A curated corpus of web\/enterprise applications and library support for software testing research. In: 2023 IEEE Conference on Software Testing, Verification and Validation (ICST), pp. 433\u2013442, (2023). https:\/\/doi.org\/10.1109\/ICST57152.2023.00047","DOI":"10.1109\/ICST57152.2023.00047"},{"key":"979_CR11","doi-asserted-by":"publisher","unstructured":"Atlidakis, V., Godefroid, P., Polishchuk, M.: Checking security properties of cloud service REST APIs. In: 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST). IEEE, pp. 387\u2013397, (2020). https:\/\/doi.org\/10.1109\/ICST46399.2020.00046","DOI":"10.1109\/ICST46399.2020.00046"},{"key":"979_CR12","doi-asserted-by":"publisher","unstructured":"Atlidakis, V., Godefroid, P., Polishchuk, M.: RESTler: Stateful REST API Fuzzing. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE), IEEE, pp. 748\u2013758, (2019). https:\/\/doi.org\/10.1109\/ICSE.2019.00083","DOI":"10.1109\/ICSE.2019.00083"},{"key":"979_CR13","doi-asserted-by":"publisher","unstructured":"Auricchio, N., et al.: An automated approach to Web Offensive Security. en. In: Computer Communications, pp. 248\u2013261, (2022). https:\/\/doi.org\/10.1016\/j.comcom.2022.08.018. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0140366422003267","DOI":"10.1016\/j.comcom.2022.08.018"},{"key":"979_CR14","doi-asserted-by":"publisher","unstructured":"Bizer, C., et al. DBpedia - A crystallization point for the Web of Data. In: Journal of Web Semantics, pp.154\u2013165, (2009). https:\/\/doi.org\/10.1016\/j.websem.2009.07.002. https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1570826809000225","DOI":"10.1016\/j.websem.2009.07.002"},{"key":"979_CR15","doi-asserted-by":"publisher","unstructured":"Blinowski, G., Ojdowska, A., Przyby\u0142ek, A.: Monolithic vs. microservice architecture: a performance and scalability evaluation. In: IEEE Access. Conference Name: IEEE Access, pp. 20357\u201320374, (2022) https:\/\/doi.org\/10.1109\/ACCESS.2022.3152803","DOI":"10.1109\/ACCESS.2022.3152803"},{"key":"979_CR16","doi-asserted-by":"publisher","unstructured":"B\u00fclthoff, F., Maleshkova, M.: RESTful or RESTless \u2013 Current State of Today\u2019s Top Web APIs. en. In: Semantic Web: ESWC 2014 Satellite Events. Ed. by Valentina Presutti et al. Series Title: Lecture Notes in Computer Science. Cham: Springer International Publishing, pp.64\u201374, (2014). https:\/\/doi.org\/10.1007\/978-3-319-11955-7_6. http:\/\/link.springer.com\/10.1007\/978-3-319-11955-7_6","DOI":"10.1007\/978-3-319-11955-7_6"},{"key":"979_CR17","doi-asserted-by":"publisher","unstructured":"Chen, C., et al.: A systematic review of fuzzing techniques. en. In: Computers & Security, pp. 118\u2013137, (2018). https:\/\/doi.org\/10.1016\/j.cose.2018.02.002. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404818300658","DOI":"10.1016\/j.cose.2018.02.002"},{"key":"979_CR18","doi-asserted-by":"publisher","unstructured":"Cho, K., et al. Learning Phrase Representations using RNN Encoder\u2013Decoder for Statistical Machine Translation. In: Proceedings of the 2014 Conference on Empirical Methods in Natural Language Processing (EMNLP). Ed. by Alessandro Moschitti, Bo Pang, and Walter Daelemans. Doha, Qatar: Association for Computational Linguistics, pp. 1724\u20131734, (2014). https:\/\/doi.org\/10.3115\/v1\/D14-1179. https:\/\/aclanthology.org\/D14-1179","DOI":"10.3115\/v1\/D14-1179"},{"key":"979_CR19","doi-asserted-by":"publisher","unstructured":"Corradini, D., Pasqua, M., Ceccato, M.: Automated Black-Box Testing of Mass Assignment Vulnerabilities in RESTful APIs. en. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). Melbourne, Australia: IEEE, pp. 2553\u20132564, (2023). https:\/\/doi.org\/10.1109\/ICSE48619.2023.00213. https:\/\/ieeexplore.ieee.org\/document\/10172607\/","DOI":"10.1109\/ICSE48619.2023.00213"},{"key":"979_CR20","doi-asserted-by":"publisher","unstructured":"Corradini, D., et al.: Automated black-box testing of nominal and error scenarios in RESTful APIs. en. In: Software Testing, Verification and Reliability, pp. e1808, (2022). https:\/\/doi.org\/10.1002\/stvr.1808. https:\/\/onlinelibrary.wiley.com\/doi\/abs\/10.1002\/stvr.1808","DOI":"10.1002\/stvr.1808"},{"key":"979_CR21","doi-asserted-by":"publisher","unstructured":"Corradini, D., et al.: RestTestGen: an extensible framework for automated black-box testing of RESTful APIs. en. In: 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME). Limassol, Cyprus: IEEE, pp. 504\u2013508, (2022). https:\/\/doi.org\/10.1109\/ICSME55016.2022.00068 . https:\/\/ieeexplore.ieee.org\/document\/9978261\/","DOI":"10.1109\/ICSME55016.2022.00068"},{"key":"979_CR22","doi-asserted-by":"publisher","unstructured":"De, B.: API Documentation. In: API Management: An Architect\u2019s Guide to Developing and Managing APIs for Your Organization. Berkeley, CA: Apress, pp. 59\u201380, (2017). https:\/\/doi.org\/10.1007\/978-1-4842-1305-6_4","DOI":"10.1007\/978-1-4842-1305-6_4"},{"key":"979_CR23","doi-asserted-by":"publisher","unstructured":"Deepa, G., Santhi TP.: Securing web applications from injection and logic vulnerabilities: Approaches and challenges. en. In: Information and Software Technology, pp. 160\u2013180, (2016). https:\/\/doi.org\/10.1016\/j.infsof.2016.02.005. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584916300234","DOI":"10.1016\/j.infsof.2016.02.005"},{"key":"979_CR24","unstructured":"Deng, G., et al. NAUTILUS: automated RESTful API vulnerability detection. In: Proceedings of the 32nd USENIX Security Symposium. Anaheim, CA, USA: USENIX Association, pp. 5593\u20135609, (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/deng-gelei"},{"key":"979_CR25","doi-asserted-by":"publisher","unstructured":"Dolan-Gavitt, B., et al.: LAVA: large-scale automated vulnerability addition. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 110\u2013121, (2016). https:\/\/doi.org\/10.1109\/SP.2016.15","DOI":"10.1109\/SP.2016.15"},{"key":"979_CR26","unstructured":"Doupe, A., et al.: Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner. en. In: Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). pp. 523\u2013538. (2012)"},{"key":"979_CR27","doi-asserted-by":"publisher","unstructured":"Duchene, F., et al.: KameleonFuzz: evolutionary fuzzing for black-box XSS detection. en. In: Proceedings of the 4th ACM conference on Data and application security and privacy. San Antonio Texas USA: ACM, pp. 37\u201348, (2014). https:\/\/doi.org\/10.1145\/2557547.2557550. https:\/\/dl.acm.org\/doi\/10.1145\/2557547.2557550","DOI":"10.1145\/2557547.2557550"},{"key":"979_CR28","doi-asserted-by":"publisher","unstructured":"Duch\u00e8ne, F., et al.: LigRE: Reverse-engineering of control and data flow models for black-box XSS detection. In: 2013 20th Working Conference on Reverse Engineering (WCRE), pp. 252\u2013261, (2013). https:\/\/doi.org\/10.1109\/WCRE.2013.6671300","DOI":"10.1109\/WCRE.2013.6671300"},{"key":"979_CR29","unstructured":"Roy Thomas Fielding: architectural styles and the design of network-based software architectures. University of California, Irvine (2000)"},{"key":"979_CR30","doi-asserted-by":"publisher","unstructured":"Fui-Hoon, Fiona, Nah et al.: Generative AI and ChatGPT: applications, challenges, and AI-human collaboration. en. In: Journal of Information Technology Case and Application Research, pp. 277\u2013304, (2023). https:\/\/doi.org\/10.1080\/15228053.2023.2233814. https:\/\/www.tandfonline.com\/doi\/full\/10.1080\/15228053.2023.2233814","DOI":"10.1080\/15228053.2023.2233814"},{"key":"979_CR31","doi-asserted-by":"publisher","unstructured":"Fung, Adonis P.H.: et al. : Scanning of real-world web applications for parameter tampering vulnerabilities. en. In: Proceedings of the 9th ACM symposium on Information, computer and communications security. Kyoto Japan: ACM, pp. 341\u2013352, (2014). https:\/\/doi.org\/10.1145\/2590296.2590324","DOI":"10.1145\/2590296.2590324"},{"key":"979_CR32","unstructured":"Fuzzing Competition (C\/C++ Programs). (2023). https:\/\/sbft23.github.io\/tools\/fuzzing"},{"key":"979_CR33","doi-asserted-by":"publisher","unstructured":"Gauthier, F., et al.: Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST. en. In: Leibniz International Proceedings in Informatics (LIPIcs). (2022). https:\/\/doi.org\/10.4230\/LIPIcs.ECOOP.2022.29. https:\/\/drops.dagstuhl.de\/opus\/volltexte\/2022\/16257","DOI":"10.4230\/LIPIcs.ECOOP.2022.29"},{"key":"979_CR34","unstructured":"Get Started With The OpenAPI Specification. https:\/\/swagger.io\/solutions\/getting-started-with-oas\/"},{"key":"979_CR35","doi-asserted-by":"publisher","unstructured":"Giamattei, L.: et al. : Automated grey-box testing of microservice architectures. en. In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS). Guangzhou, China: IEEE, pp. 640\u2013650. (2022). https:\/\/doi.org\/10.1109\/QRS57517.2022.00070. https:\/\/ieeexplore.ieee.org\/document\/10062422\/","DOI":"10.1109\/QRS57517.2022.00070"},{"key":"979_CR36","doi-asserted-by":"publisher","unstructured":"Giamattei, L., et al.: Automated functional and robustness testing of microservice architectures. en. In: Journal of Systems and Software, pp. 111857, (2024). https:\/\/doi.org\/10.1016\/j.jss.2023.111857. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0164121223002522","DOI":"10.1016\/j.jss.2023.111857"},{"key":"979_CR37","doi-asserted-by":"publisher","unstructured":"Godefroid, P.: Fuzzing: hack, art, and science. en. In: Communications of the ACM, pp. 70\u201376. (2020). https:\/\/doi.org\/10.1145\/3363824. https:\/\/dl.acm.org\/doi\/10.1145\/3363824","DOI":"10.1145\/3363824"},{"key":"979_CR38","doi-asserted-by":"publisher","unstructured":"Godefroid, Patrice, Huang, Bo-Yuan, Polishchuk, Marina: Intelligent REST API data fuzzing\u2019. en. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Virtual Event USA: ACM, pp. 725\u2013736, (2020). https:\/\/doi.org\/10.1145\/3368089.3409719. https:\/\/dl.acm.org\/doi\/10.1145\/3368089.3409719","DOI":"10.1145\/3368089.3409719"},{"key":"979_CR39","doi-asserted-by":"publisher","unstructured":"Golmohammadi, A., Zhang, M., Arcuri, A.: .NET\/C# instrumentation for search-based software testing. en. In: Software Quality Journal, pp. 1439\u20131465, (2023). https:\/\/doi.org\/10.1007\/s11219-023-09645-1. https:\/\/link.springer.com\/10.1007\/s11219-023-09645-1","DOI":"10.1007\/s11219-023-09645-1"},{"key":"979_CR40","doi-asserted-by":"publisher","unstructured":"Golmohammadi, A., Zhang, M., Arcuri, A.: Testing RESTful APIs: a survey. In: ACM Transactions on Software Engineering and Methodology, pp. 27:1\u201327:41, (2023). https:\/\/doi.org\/10.1145\/3617175. https:\/\/dl.acm.org\/doi\/10.1145\/3617175","DOI":"10.1145\/3617175"},{"key":"979_CR41","doi-asserted-by":"publisher","unstructured":"Haas, A., et al.: Bringing the web up to speed with WebAssembly. en. In: Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation. Barcelona Spain: ACM, pp. 185\u2013200, (2017). https:\/\/doi.org\/10.1145\/3062341.3062363. https:\/\/dl.acm.org\/doi\/10.1145\/3062341.3062363","DOI":"10.1145\/3062341.3062363"},{"key":"979_CR42","doi-asserted-by":"publisher","unstructured":"Hazimeh, A., Herrera, A., Payer, M.: Magma: a ground-truth fuzzing benchmark. en. In: Proceedings of the ACM on Measurement and Analysis of Computing Systems, pp. 1\u201329, (2020). https:\/\/doi.org\/10.1145\/3428334. https:\/\/dl.acm.org\/doi\/10.1145\/3428334","DOI":"10.1145\/3428334"},{"key":"979_CR43","doi-asserted-by":"publisher","unstructured":"Herrera, A., et al.: Seed selection for successful fuzzing. en. In: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis. Virtual Denmark: ACM, pp. 230\u2013243, (2021).https:\/\/doi.org\/10.1145\/3460319.3464795. https:\/\/dl.acm.org\/doi\/10.1145\/3460319.3464795","DOI":"10.1145\/3460319.3464795"},{"key":"979_CR44","doi-asserted-by":"publisher","unstructured":"Horv\u00e1th, F., et al.: Code coverage differences of Java bytecode and source code instrumentation tools. en. In: Software Quality Journal, pp. 79\u2013123, (2019). https:\/\/doi.org\/10.1007\/s11219-017-9389-z. http:\/\/link.springer.com\/10.1007\/s11219-017-9389-z","DOI":"10.1007\/s11219-017-9389-z"},{"key":"979_CR45","doi-asserted-by":"crossref","unstructured":"Indrasiri, K., Siriwardena, P.: Microservices for the enterprise: designing, developing, and deploying. Apress, (2018). https:\/\/books.google.nl\/books?id=Qfd5DwAAQBAJ","DOI":"10.1007\/978-1-4842-3858-5"},{"key":"979_CR46","unstructured":"Jin, Brenda, Sahni, Saurabh: and Amir Shevat. Building APIs that developers love. O\u2019Reilly Media Inc, Designing Web APIs (2018)"},{"key":"979_CR47","doi-asserted-by":"publisher","unstructured":"Kim, M., et al.: Enhancing REST API Testing with NLP Techniques. en. In: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis. Seattle WA USA: ACM, pp. 1232\u20131243, (2023). https:\/\/doi.org\/10.1145\/3597926.3598131. https:\/\/dl.acm.org\/doi\/10.1145\/3597926.3598131","DOI":"10.1145\/3597926.3598131"},{"key":"979_CR48","doi-asserted-by":"publisher","unstructured":"Klooster, T., et al.: Continuous fuzzing: a study of the effectiveness and scalability of fuzzing in CI\/CD pipelines. In: 2023 IEEE\/ACM International Workshop on Search-Based and Fuzz Testing (SBFT). pp. 25\u201332, (2023). https:\/\/doi.org\/10.1109\/SBFT59156.2023.00015. https:\/\/ieeexplore.ieee.org\/document\/10190386","DOI":"10.1109\/SBFT59156.2023.00015"},{"key":"979_CR49","doi-asserted-by":"publisher","unstructured":"Korel, B.: Automated software test data generation. en. In: IEEE Transactions on Software Engineering, pp. 870\u2013879, (1990). https:\/\/doi.org\/10.1109\/32.57624. http:\/\/ieeexplore.ieee.org\/document\/57624\/","DOI":"10.1109\/32.57624"},{"key":"979_CR50","unstructured":"Landscape of API Traffic. (2021). https:\/\/blog.cloudflare.com\/landscape-of-api-traffic"},{"key":"979_CR51","doi-asserted-by":"publisher","unstructured":"Laranjeiro, N., Agnelo, J., Bernardino, J.: A black box tool for robustness testing of REST Services. In: IEEE Access. Conference Name: IEEE Access, pp. 24738\u201324754, (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3056505","DOI":"10.1109\/ACCESS.2021.3056505"},{"key":"979_CR52","unstructured":"lcamtuf. Technical whitepaper for afl-fuzz. https:\/\/lcamtuf.coredump.cx\/afl\/technical_details.txt"},{"key":"979_CR53","doi-asserted-by":"publisher","unstructured":"Lei, Z., et al.: Bootstrapping Automated Testing for RESTful Web Services. en. In: IEEE Transactions on Software Engineering, pp. 1561\u20131579, (2023). https:\/\/doi.org\/10.1109\/TSE.2022.3182663. https:\/\/ieeexplore.ieee.org\/document\/9796038\/","DOI":"10.1109\/TSE.2022.3182663"},{"key":"979_CR54","doi-asserted-by":"publisher","unstructured":"Li, J., Zhao, B., Zhang, C.: Fuzzing: a survey. en. In: Cybersecurity, p. 6, (2018). https:\/\/doi.org\/10.1186\/s42400-018-0002-y. https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-018-0002-y","DOI":"10.1186\/s42400-018-0002-y"},{"key":"979_CR55","doi-asserted-by":"publisher","unstructured":"Li, S., et al.: Understanding and addressing quality attributes of microservices architecture: A Systematic literature review. en. In: Information and Software Technology, pp. 106449, (2021). https:\/\/doi.org\/10.1016\/j.infsof.2020.106449. https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0950584920301993","DOI":"10.1016\/j.infsof.2020.106449"},{"key":"979_CR56","doi-asserted-by":"publisher","unstructured":"Li, X., Xue, Y.: A survey on server-side approaches to securing web applications. en. In: ACM Computing Surveys, pp. 1\u201329, (2014). https:\/\/doi.org\/10.1145\/2541315. https:\/\/dl.acm.org\/doi\/10.1145\/2541315","DOI":"10.1145\/2541315"},{"key":"979_CR57","doi-asserted-by":"publisher","unstructured":"Liang, H., et al.: Fuzzing: State of the Art. In: IEEE Transactions on Reliability. Conference Name: IEEE Transactions on Reliability, pp. 1199\u20131218, (2018). https:\/\/doi.org\/10.1109\/TR.2018.2834476","DOI":"10.1109\/TR.2018.2834476"},{"key":"979_CR58","unstructured":"libFuzzer. (2016). http:\/\/llvm.org\/docs\/LibFuzzer.html"},{"key":"979_CR59","doi-asserted-by":"publisher","unstructured":"Lin, J., et al.: foREST: A Tree-based Black-box Fuzzing Approach for RESTful APIs. en. In: 2023 IEEE 34th International Symposium on Software Reliability Engineering (ISSRE). Florence, Italy: IEEE, pp. 695\u2013705, (2023). https:\/\/doi.org\/10.1109\/ISSRE59848.2023.00023. https:\/\/ieeexplore.ieee.org\/document\/10301255\/","DOI":"10.1109\/ISSRE59848.2023.00023"},{"key":"979_CR60","doi-asserted-by":"publisher","unstructured":"Liu, Chien-Hung, Chen, Shu-Ling, Huang, Hong-Kai: Automated Test Input Generation for Testing Representational State Transfer (REST) Application Programming Interface (API) using Parameter Fuzzing. en. In: 2023 IEEE 6th International Conference on Knowledge Innovation and Invention (ICKII). Sapporo, Japan: IEEE, pp. 249\u2013253, (2023). https:\/\/doi.org\/10.1109\/ICKII58656.2023.10332662. https:\/\/ieeexplore.ieee.org\/document\/10332662\/","DOI":"10.1109\/ICKII58656.2023.10332662"},{"key":"979_CR61","doi-asserted-by":"crossref","unstructured":"Luong, Minh-Thang, Pham, Hieu, Christopher D. Manning: Effective Approaches to Attention-based Neural Machine Translation. (2015). arXiv:1508.04025","DOI":"10.18653\/v1\/D15-1166"},{"key":"979_CR62","unstructured":"Lyu, C., Xu, J., Ji, S.: MINER: A Hybrid Data-Driven Approach for REST API Fuzzing. In: Proceedings of the 32nd USENIX Security Symposium. Anaheim, CA, USA: USENIX Association, pp. 4517\u20134534, (2023). https:\/\/www.usenix.org\/conference\/usenixsecurity23\/presentation\/lyu"},{"key":"979_CR63","doi-asserted-by":"publisher","unstructured":"Manes, VJM. et al.: The Art, Science, and Engineering of Fuzzing: A Survey. en. In: IEEE Transactions on Software Engineering, pp. 2312\u20132331, (2021). https:\/\/doi.org\/10.1109\/TSE.2019.2946563. https:\/\/ieeexplore.ieee.org\/document\/8863940\/","DOI":"10.1109\/TSE.2019.2946563"},{"key":"979_CR64","doi-asserted-by":"publisher","unstructured":"Marculescu, B., Zhang, M., Arcuri, A.: On the Faults Found in REST APIs by Automated Test Generation. en. In: ACM Transactions on Software Engineering and Methodology, pp. 1\u201343, (2022). https:\/\/doi.org\/10.1145\/3491038. https:\/\/dl.acm.org\/doi\/10.1145\/3491038","DOI":"10.1145\/3491038"},{"key":"979_CR65","doi-asserted-by":"publisher","unstructured":"Martin-Lopez, Alberto, Segura, Sergio, Ruiz-Cort\u00e9s, Antonio: A Catalogue of Inter-parameter Dependencies in RESTful Web APIs\u201d. en. In: Service-Oriented Computing. Ed. by Sami Yangui et al. Series Title: Lecture Notes in Computer Science. Cham: Springer International Publishing, pp. 399\u2013414, (2019). https:\/\/doi.org\/10.1007\/978-3-030-33702-5_31. http:\/\/link.springer.com\/10.1007\/978-3-030-33702-5_31","DOI":"10.1007\/978-3-030-33702-5_31"},{"key":"979_CR66","doi-asserted-by":"publisher","unstructured":"Martin-Lopez, Alberto, Segura, Sergio, Ruiz-Cort\u00e9s, Antonio.: Online testing of RESTful APIs: promises and challenges. en. In: Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. Singapore Singapore: ACM, pp. 408\u2013420, (2022). https:\/\/doi.org\/10.1145\/3540250.3549144. https:\/\/dl.acm.org\/doi\/10.1145\/3540250.3549144","DOI":"10.1145\/3540250.3549144"},{"key":"979_CR67","doi-asserted-by":"publisher","unstructured":"Martin-Lopez, Alberto, Segura, Sergio, Ruiz-Cort\u00e9s, Antonio: RESTest: automated black-box testing of RESTful web APIs. en. In: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis. Virtual Denmark: ACM, pp. 682\u2013685. (2021). https:\/\/doi.org\/10.1145\/3460319.3469082. https:\/\/dl.acm.org\/doi\/10.1145\/3460319.3469082","DOI":"10.1145\/3460319.3469082"},{"key":"979_CR68","doi-asserted-by":"publisher","unstructured":"Martin-Lopez, Alberto, Segura, Sergio, Ruiz-Cort\u00e9s, Antonio.: RESTest: Black-Box Constraint-Based Testing of RESTful Web APIs. en. In: Service-Oriented Computing. Ed. by Eleanna Kafeza et al. Series Title: Lecture Notes in Computer Science. Cham: Springer International Publishing, pp. 459\u2013475, (2020). https:\/\/doi.org\/10.1007\/978-3-030-65310-1_33. https:\/\/link.springer.com\/10.1007\/978-3-030-65310-1_33","DOI":"10.1007\/978-3-030-65310-1_33"},{"key":"979_CR69","doi-asserted-by":"publisher","unstructured":"Martin-Lopez, Alberto, Segura, Sergio, Ruiz-Cort\u00e9s, Antonio: Test coverage criteria for RESTful web APIs. en. In: Proceedings of the 10th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation. Tallinn Estonia: ACM, pp. 15\u201321, (2019). https:\/\/doi.org\/10.1145\/3340433.3342822. https:\/\/dl.acm.org\/doi\/10.1145\/3340433.3342822","DOI":"10.1145\/3340433.3342822"},{"key":"979_CR70","doi-asserted-by":"publisher","unstructured":"Martin-Lopez, Alberto et al.: Specification and Automated Analysis of Inter-Parameter Dependencies in Web APIs. In: IEEE Transactions on Services Computing. Conference Name: IEEE Transactions on Services Computing, pp. 2342\u20132355, (2022) https:\/\/doi.org\/10.1109\/TSC.2021.3050610","DOI":"10.1109\/TSC.2021.3050610"},{"key":"979_CR71","doi-asserted-by":"publisher","unstructured":"Meng, R.,et al.: Large Language Model guided Protocol Fuzzing. en. In: Proceedings of the 31st Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA, USA. (2024). https:\/\/doi.org\/10.14722\/ndss.2024.24556","DOI":"10.14722\/ndss.2024.24556"},{"key":"979_CR72","doi-asserted-by":"crossref","unstructured":"Miller, Barton P, Fredriksen, Lars, So, Bryan: An empirical study of the reliability of UNIX utilities\u201d. In: Communications of the ACM, pp. 32\u201344, (1990)","DOI":"10.1145\/96267.96279"},{"key":"979_CR73","doi-asserted-by":"publisher","unstructured":"Mirabella, A.Giuliano et al.; Deep Learning-Based Prediction of Test Input Validity for RESTful APIs. en. In: 2021 IEEE\/ACM Third International Workshop on Deep Learning for Testing and Testing for Deep Learning (DeepTest). Madrid, Spain: IEEE, pp. 9\u201316, (2021) https:\/\/doi.org\/10.1109\/DeepTest52559.2021.00008. https:\/\/ieeexplore.ieee.org\/document\/9476896\/","DOI":"10.1109\/DeepTest52559.2021.00008"},{"key":"979_CR74","unstructured":"OWASP API Security Project \u2014 OWASP Foundation. https:\/\/owasp.org\/www-project-api-security\/"},{"key":"979_CR75","doi-asserted-by":"publisher","unstructured":"Pan, L.et al.: EDEFuzz: A Web API Fuzzer for Excessive Data Exposures. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering. ICSE \u201924. New York, NY, USA: Association for Computing Machinery, pp. 1\u201312, (2024). https:\/\/doi.org\/10.1145\/3597503.3608133. https:\/\/dl.acm.org\/doi\/10.1145\/3597503.3608133","DOI":"10.1145\/3597503.3608133"},{"key":"979_CR76","doi-asserted-by":"publisher","unstructured":"Peng, C., Gao, Y., Yang, P.: Automated Server Testing: an Industrial Experience Report. en. In: 2022 IEEE International Conference on Software Maintenance and Evolution (ICSME). Limassol, Cyprus: IEEE, pp. 519\u2013522, (2022). https:\/\/doi.org\/10.1109\/ICSME55016.2022.00071. https:\/\/ieeexplore.ieee.org\/document\/9977442\/","DOI":"10.1109\/ICSME55016.2022.00071"},{"key":"979_CR77","unstructured":"Pezz\u00e8, M., Young, M.: Software Testing and analysis: process, principles, and techniques. Wiley India Pvt, Limited (2008)"},{"key":"979_CR78","doi-asserted-by":"publisher","unstructured":"Pham, Van-Thuan, B\u00f6hme, Marcel, Roychoudhury, Abhik.: AFLNET: a greybox fuzzer for network protocols. In: 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), pp. 460\u2013465, (2020). https:\/\/doi.org\/10.1109\/ICST46399.2020.00062","DOI":"10.1109\/ICST46399.2020.00062"},{"key":"979_CR79","unstructured":"Richardson, L., Amundsen, M., Ruby, S.: RESTful Web APIs: services for a changing world. O\u2019Reilly Media, (2013). https:\/\/books.google.nl\/books?id=ZXDGAAAAQBAJ"},{"key":"979_CR80","doi-asserted-by":"publisher","unstructured":"Orpheas van Rooij et al.: webFuzz: Grey-Box Fuzzing for Web Application. en. In: Computer Security \u2013 ESORICS 2021. Ed. byElisa Bertino, Haya Shulman, and MichaelWaidner. Lecture Notes in Computer Science.Cham: Springer International Publishing, pp. 152\u2013172, (2021). https:\/\/doi.org\/10.1007\/978-3-030-88418-5_8","DOI":"10.1007\/978-3-030-88418-5_8"},{"key":"979_CR81","doi-asserted-by":"publisher","unstructured":"Serrano, Nicol\u00e1s, Hernantes, Josune, Gallardo, Gorka: Mobile Web Apps. In: IEEE Software. Conference Name: IEEE Software, pp. 22\u201327, (2013). https:\/\/doi.org\/10.1109\/MS.2013.111","DOI":"10.1109\/MS.2013.111"},{"key":"979_CR82","doi-asserted-by":"publisher","unstructured":"Trickel, E., et al.: Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities. en. In: 2023 IEEE Symposium on Security and Privacy (SP). 44. SAN FRANCISCO: IEEE Computer Society, pp. 2658\u20132675, (2023). https:\/\/doi.org\/10.1109\/SP46215.2023.00007","DOI":"10.1109\/SP46215.2023.00007"},{"key":"979_CR83","doi-asserted-by":"publisher","unstructured":"Tripp, O., et al.: TAJ: Effective Taint Analysis of Web Applications. en. In: Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation. Dublin, Ireland: Association for Computing Machinery, pp. 87\u201397, (2009). https:\/\/doi.org\/10.1145\/1542476.1542486","DOI":"10.1145\/1542476.1542486"},{"key":"979_CR84","doi-asserted-by":"publisher","unstructured":"Tsai, Chung-Hsuan, Tsai, Shi-Chun, Huang, Shih-Kun: REST API Fuzzing by Coverage Level Guided Blackbox Testing. In: 2021 IEEE 21st International Conference on Software Quality, Reliability and Security (QRS). IEEE, pp. 291\u2013300, (2021). https:\/\/doi.org\/10.1109\/QRS54544.2021.00040","DOI":"10.1109\/QRS54544.2021.00040"},{"key":"979_CR85","doi-asserted-by":"publisher","unstructured":"Viglianisi, E., Dallago, M., Ceccato, M.: RESTTESTGEN: Automated Black-Box Testing of RESTful APIs. In: 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), pp. 142\u2013152, (2020). https:\/\/doi.org\/10.1109\/ICST46399.2020.00024","DOI":"10.1109\/ICST46399.2020.00024"},{"key":"979_CR86","unstructured":"Vulnerability Scanning Tools \u2014 OWASP Foundation. en. https:\/\/owasp.org\/www-community\/Vulnerability_Scanning_Tools"},{"key":"979_CR87","doi-asserted-by":"publisher","unstructured":"Wai, Khaing Hsu et al.: Code Modification Problems for Multimedia Use in JavaScript-Based Web Client Programming. en. In: Complex, Intelligent and Software Intensive Systems. Ed. by Leonard Barolli. Series Title: Lecture Notes in Networks and Systems. Cham: Springer International Publishing, pp. 548\u2013556, (2022). https:\/\/doi.org\/10.1007\/978-3-031-08812-4_53. https:\/\/link.springer.com\/10.1007\/978-3-031-08812-4_53","DOI":"10.1007\/978-3-031-08812-4_53"},{"key":"979_CR88","doi-asserted-by":"publisher","unstructured":"Wang, Junjie et al.: Superion: Grammar-Aware Greybox Fuzzing. en. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). Montreal, QC, Canada: IEEE, pp. 724\u2013735, (2019). https:\/\/doi.org\/10.1109\/ICSE.2019.00081 . https:\/\/ieeexplore.ieee.org\/document\/8811923\/","DOI":"10.1109\/ICSE.2019.00081"},{"key":"979_CR89","doi-asserted-by":"publisher","unstructured":"Wu, H., et al.: Combinatorial testing of RESTful APIs. en. In: Proceedings of the 44th International Conference on Software Engineering. Pittsburgh Pennsylvania: ACM, pp. 426\u2013437, (2022). https:\/\/doi.org\/10.1145\/3510003.3510151. https:\/\/dl.acm.org\/doi\/10.1145\/3510003.3510151","DOI":"10.1145\/3510003.3510151"},{"key":"979_CR90","doi-asserted-by":"publisher","unstructured":"Yamamoto, K.: Efficient penetration of API sequences to test stateful RESTful services. en. In: 2021 IEEE International Conference on Web Services (ICWS). Chicago, IL, USA: IEEE, pp. 734\u2013740, (2021). https:\/\/doi.org\/10.1109\/ICWS53863.2021.00101. https:\/\/ieeexplore.ieee.org\/document\/9590435\/","DOI":"10.1109\/ICWS53863.2021.00101"},{"key":"979_CR91","doi-asserted-by":"publisher","unstructured":"Yandrapally, R., et al.: Carving UI Tests to Generate API Tests and API Specification. en. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE). Melbourne, Australia: IEEE, pp. 1971\u20131982, (2023). https:\/\/doi.org\/10.1109\/ICSE48619.2023.00167. https:\/\/ieeexplore.ieee.org\/document\/10172784\/","DOI":"10.1109\/ICSE48619.2023.00167"},{"key":"979_CR92","doi-asserted-by":"publisher","unstructured":"Yin, Zijing et al.: \u201cScanner++: Enhanced Vulnerability Detection of Web Applications with Attack Intent Synchronization\u201d. en. In: ACM Transactions on Software Engineering and Methodology 32(1)(2023), pp.1\u201330. ISSN: 1049-331X, 1557-7392. https:\/\/doi.org\/10.1145\/3517036. https:\/\/dl.acm.org\/doi\/10.1145\/3517036 (visited on 09\/20\/2024)","DOI":"10.1145\/3517036"},{"key":"979_CR93","doi-asserted-by":"publisher","unstructured":"Yun, J., et al.: Fuzzing of Embedded Systems: a survey\u2019. en. In: ACM Computing Surveys, pp. 1\u201333, (2023). https:\/\/doi.org\/10.1145\/3538644. https:\/\/dl.acm.org\/doi\/10.1145\/3538644","DOI":"10.1145\/3538644"},{"key":"979_CR94","unstructured":"Zalewski, M.: American Fuzzy Lop. (2014). http:\/\/lcamtuf.coredump.cx\/afl"},{"key":"979_CR95","doi-asserted-by":"publisher","unstructured":"Zhang, H., Dong, W., Jiang, L.: Zokfuzz: Detection of Web Vulnerabilities via Fuzzing. In: 2022 2nd International Conference on Consumer Electronics and Computer Engineering (ICCECE). IEEE, pp. 281\u2013287, (2022). https:\/\/doi.org\/10.1109\/ICCECE54139.2022.9712748","DOI":"10.1109\/ICCECE54139.2022.9712748"},{"key":"979_CR96","doi-asserted-by":"publisher","unstructured":"Zhang, J., et al.: A novel neural source code representation based on abstract syntax tree. en. In: 2019 IEEE\/ACM 41st International Conference on Software Engineering (ICSE). Montreal, QC, Canada: IEEE, pp. 783\u2013794, (2019). https:\/\/doi.org\/10.1109\/ICSE.2019.00086. https:\/\/ieeexplore.ieee.org\/document\/8812062\/","DOI":"10.1109\/ICSE.2019.00086"},{"key":"979_CR97","doi-asserted-by":"publisher","unstructured":"Zhang, M., Arcuri, A.: Adaptive hypermutation for search-based system test generation: a study on REST APIs with EvoMaster. en. In: ACM Transactions on Software Engineering and Methodology, pp. 1\u201352, (2022). https:\/\/doi.org\/10.1145\/3464940. https:\/\/dl.acm.org\/doi\/10.1145\/3464940","DOI":"10.1145\/3464940"},{"key":"979_CR98","doi-asserted-by":"publisher","unstructured":"Zhang, M., Arcuri, A.: Open Problems in Fuzzing RESTful APIs: a comparison of tools. en. In: ACM Transactions on Software Engineering and Methodology, pp. 1\u201345, (2023). https:\/\/doi.org\/10.1145\/3597205","DOI":"10.1145\/3597205"},{"key":"979_CR99","doi-asserted-by":"publisher","unstructured":"Zhang, M., Belhadi, A., Arcuri, A. JavaScript SBST Heuristics to Enable Effective Fuzzing of NodeJS Web APIs. In: ACM Transactions on Software Engineering and Methodology, pp. 139:1\u2013139:29, (2023). https:\/\/doi.org\/10.1145\/3593801. https:\/\/dl.acm.org\/doi\/10.1145\/3593801","DOI":"10.1145\/3593801"},{"key":"979_CR100","doi-asserted-by":"publisher","unstructured":"Zhang, M., Marculescu, B., Arcuri, A.: Resource-based test case generation for RESTful web services. en. In: Proceedings of the Genetic and Evolutionary Computation Conference. Prague Czech Republic: ACM, pp. 1426\u20131434, (2019). https:\/\/doi.org\/10.1145\/3321707.3321815. https:\/\/dl.acm.org\/doi\/10.1145\/3321707.3321815","DOI":"10.1145\/3321707.3321815"},{"key":"979_CR101","doi-asserted-by":"publisher","unstructured":"Zhang, M., et al.: White-Box Fuzzing RPC-Based APIs with EvoMaster: An Industrial Case Study. In: ACM Transactions on Software Engineering and Methodology, pp. 122:1\u2013122:38, (2023). https:\/\/doi.org\/10.1145\/3585009","DOI":"10.1145\/3585009"},{"key":"979_CR102","doi-asserted-by":"publisher","unstructured":"Zhao, J et al.: Cefuzz: An Directed Fuzzing Framework for PHP RCE Vulnerability. en. In: Electronics, pp. 758, (2022). https:\/\/doi.org\/10.3390\/electronics11050758. https:\/\/www.mdpi.com\/2079-9292\/11\/5\/758","DOI":"10.3390\/electronics11050758"},{"key":"979_CR103","doi-asserted-by":"publisher","unstructured":"Zhu, X et al.: Fuzzing: A Survey for Roadmap. en. In: ACM Computing Surveys, pp. 1\u201336, (2022). https:\/\/doi.org\/10.1145\/3512345","DOI":"10.1145\/3512345"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00979-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00979-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00979-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,30]],"date-time":"2025-03-30T07:57:19Z","timestamp":1743321439000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00979-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,5]]},"references-count":103,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2025,4]]}},"alternative-id":["979"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00979-w","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,5]]},"assertion":[{"value":"5 February 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors do not have any financial or non-financial interests to disclose that are relevant to the content.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}},{"value":"Not applicable.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}}],"article-number":"73"}}