{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T02:13:00Z","timestamp":1775873580855,"version":"3.50.1"},"reference-count":178,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,11,24]],"date-time":"2023-11-24T00:00:00Z","timestamp":1700784000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Research Council (ERC) under the European Union\u2019s Horizon 2020 research and innovation programme","award":["864972"],"award-info":[{"award-number":["864972"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2024,1,31]]},"abstract":"<jats:p>In industry, RESTful APIs are widely used to build modern Cloud Applications. Testing them is challenging, because not only do they rely on network communications, but also they deal with external services like databases. Therefore, there has been a large amount of research sprout in recent years on how to automatically verify this kind of web services. In this article, we present a comprehensive review of the current state-of-the-art in testing RESTful APIs based on the analysis of 92 scientific articles. These articles were gathered by utilizing search queries formulated around the concept of RESTful API testing on seven popular databases. We eliminated irrelevant articles based on our predefined criteria and conducted a snowballing phase to minimize the possibility of missing any relevant paper. This survey categorizes and summarizes the existing scientific work on testing RESTful APIs and discusses the current challenges in the verification of RESTful APIs. This survey clearly shows an increasing interest among researchers in this field, from 2017 onward. However, there are still a lot of open research challenges to overcome.<\/jats:p>","DOI":"10.1145\/3617175","type":"journal-article","created":{"date-parts":[[2023,8,21]],"date-time":"2023-08-21T12:54:58Z","timestamp":1692622498000},"page":"1-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":65,"title":["Testing RESTful APIs: A Survey"],"prefix":"10.1145","volume":"33","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2324-5794","authenticated-orcid":false,"given":"Amid","family":"Golmohammadi","sequence":"first","affiliation":[{"name":"Kristiania University College, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1204-9322","authenticated-orcid":false,"given":"Man","family":"Zhang","sequence":"additional","affiliation":[{"name":"Kristiania University College, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0799-2930","authenticated-orcid":false,"given":"Andrea","family":"Arcuri","sequence":"additional","affiliation":[{"name":"Kristiania University College and Oslo Metropolitan University, Norway"}]}],"member":"320","published-online":{"date-parts":[[2023,11,24]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"APIFuzzer \u2013 HTTP API Testing Framework. Retrieved from https:\/\/github.com\/KissPeter\/APIFuzzer. Accessed August 28 2023."},{"key":"e_1_3_2_3_2","unstructured":"APIs.guru. Retrieved from https:\/\/apis.guru\/. Accessed August 28 2023."},{"key":"e_1_3_2_4_2","unstructured":"ApiTester. Retrieved from https:\/\/github.com\/opendata-for-all\/api-tester. Accessed August 28 2023."},{"key":"e_1_3_2_5_2","unstructured":"Autorize: Automatic authorization enforcement detection extension for Burp Suite. Retrieved from https:\/\/github.com\/portswigger\/autorize. Accessed August 28 2023."},{"key":"e_1_3_2_6_2","unstructured":"bBOXRT. Retrieved from https:\/\/git.dei.uc.pt\/cnl\/bBOXRT. Accessed August 28 2023."},{"key":"e_1_3_2_7_2","unstructured":"Burp Suite. Retrieved from https:\/\/portswigger.net\/burp. Accessed August 28 2023."},{"key":"e_1_3_2_8_2","unstructured":"Cats: REST API Fuzzer and negative testing tool for OpenAPI endpoints. Retrieved from https:\/\/github.com\/Endava\/cats. Accessed August 28 2023."},{"key":"e_1_3_2_9_2","unstructured":"Deep Learning-Based Prediction of Test Input Validity for RESTful APIs Tool. Retrieved from https:\/\/anonymous.4open.science\/r\/8954c607-8d6c-4348-a23c-d57c920cdc22. Accessed August 28 2023."},{"key":"e_1_3_2_10_2","unstructured":"EvoMaster. Retrieved from https:\/\/github.com\/EMResearch\/EvoMaster. Accessed August 28 2023."},{"key":"e_1_3_2_11_2","unstructured":"EvoMaster Benchmark (EMB). Retrieved from https:\/\/github.com\/EMResearch\/EMB. Accessed August 28 2023."},{"key":"e_1_3_2_12_2","unstructured":"ExVivoMicroTest. Retrieved from https:\/\/gitlab.com\/learnERC\/exvivomicrotest. Accessed August 28 2023."},{"key":"e_1_3_2_13_2","unstructured":"Fuzz-lightyear: Stateful fuzzing framework. Retrieved from https:\/\/github.com\/Yelp\/fuzz-lightyear. Accessed August 28 2023."},{"key":"e_1_3_2_14_2","unstructured":"Fuzzapi. Retrieved from https:\/\/github.com\/Fuzzapi\/fuzzapi. Accessed August 28 2023."},{"key":"e_1_3_2_15_2","unstructured":"Fuzzy-swagger. Retrieved from https:\/\/github.com\/Lothiraldan\/swagger-fuzzer. Accessed August 28 2023."},{"key":"e_1_3_2_16_2","unstructured":"Gadolinium. Retrieved from https:\/\/github.com\/opendata-for-all\/gadolinium. Accessed August 28 2023."},{"key":"e_1_3_2_17_2","unstructured":"Go-fuzz: Randomized testing for Go. Retrieved from https:\/\/github.com\/dvyukov\/go-fuzz. Accessed August 28 2023."},{"key":"e_1_3_2_18_2","unstructured":"Got-Swag. Retrieved from https:\/\/github.com\/freenet-public\/got-swag. Accessed August 28 2023."},{"key":"e_1_3_2_19_2","unstructured":"GraphQL Foundation. Retrieved from https:\/\/graphql.org\/foundation\/. Accessed August 28 2023."},{"key":"e_1_3_2_20_2","unstructured":"Hsuan-Fuzz. Retrieved from https:\/\/github.com\/iasthc\/hsuan-fuzz. Accessed August 28 2023."},{"key":"e_1_3_2_21_2","unstructured":"IEEE Standard Glossary of Software Engineering Terminology IEEE Standard 610.12-1990 Dec. 1990. [Online; Available:] Retrieved from http:\/\/standards.ieee.org. Accessed August 28 2023."},{"key":"e_1_3_2_22_2","unstructured":"Instance Identification. Retrieved from https:\/\/github.com\/theovassiliou\/instanceidentification. Accessed August 28 2023."},{"key":"e_1_3_2_23_2","unstructured":"JSON Schema Specification Wright Draft 00. Retrieved from https:\/\/datatracker.ietf.org\/doc\/html\/draft-wright-json-schema-00. Accessed August 28 2023."},{"key":"e_1_3_2_24_2","unstructured":"JSONGen. Retrieved from https:\/\/github.com\/fredlund\/jsongen. Accessed August 28 2023."},{"key":"e_1_3_2_25_2","unstructured":"Language-agnostic HTTP API Testing Tool. Retrieved from https:\/\/github.com\/apiaryio\/dredd. Accessed August 28 2023."},{"key":"e_1_3_2_26_2","unstructured":"Open API Specification. Retrieved from https:\/\/swagger.io\/specification\/. Accessed August 28 2023."},{"key":"e_1_3_2_27_2","unstructured":"OpenAPI\/Swagger. Retrieved from https:\/\/swagger.io\/. Accessed August 28 2023."},{"key":"e_1_3_2_28_2","unstructured":"Postman: API platform for building and using APIs. Retrieved from https:\/\/www.getpostman.com\/. Accessed August 28 2023."},{"key":"e_1_3_2_29_2","unstructured":"Programmable Web. Retrieved from https:\/\/www.programmableweb.com\/. Accessed August 28 2023."},{"key":"e_1_3_2_30_2","unstructured":"RapidAPI. Retrieved from https:\/\/rapidapi.com\/. Accessed August 28 2023."},{"key":"e_1_3_2_31_2","unstructured":"REST API Tutorial. Retrieved from https:\/\/restfulapi.net\/. Accessed August 28 2023."},{"key":"e_1_3_2_32_2","unstructured":"RESTApiTester. Retrieved from https:\/\/github.com\/RobertGyalai\/RESTApiTester. Accessed August 28 2023."},{"key":"e_1_3_2_33_2","unstructured":"RestAssured. Retrieved from https:\/\/github.com\/rest-assured\/rest-assured. Accessed August 28 2023."},{"key":"e_1_3_2_34_2","unstructured":"Restats. Retrieved from https:\/\/github.com\/SeUniVr\/restats. Accessed August 28 2023."},{"key":"e_1_3_2_35_2","unstructured":"RestCT. Retrieved from https:\/\/github.com\/GIST-NJU\/RestCT. Accessed August 28 2023."},{"key":"e_1_3_2_36_2","unstructured":"RESTest. Retrieved from https:\/\/github.com\/isa-group\/RESTest. Accessed August 28 2023."},{"key":"e_1_3_2_37_2","unstructured":"RESTler. Retrieved from https:\/\/github.com\/microsoft\/restler-fuzzer. Accessed August 28 2023."},{"key":"e_1_3_2_38_2","unstructured":"RestTestGen. Retrieved from https:\/\/github.com\/SeUniVr\/RestTestGen. Accessed August 28 2023."},{"key":"e_1_3_2_39_2","unstructured":"Schemathesis: Property-based testing for API schemas. Retrieved from https:\/\/schemathesis.readthedocs.io\/. Accessed August 28 2023."},{"key":"e_1_3_2_40_2","unstructured":"SoapUI: Accelerating API Quality Through Testing. Retrieved from https:\/\/www.soapui.org\/. Accessed August 28 2023."},{"key":"e_1_3_2_41_2","unstructured":"SpotBugs: Find bugs in Java program. Retrieved from https:\/\/github.com\/spotbugs\/spotbugs. Accessed August 28 2023."},{"key":"e_1_3_2_42_2","unstructured":"Swagger-conform. Retrieved from https:\/\/github.com\/olipratt\/swagger-conformance. Accessed August 28 2023."},{"key":"e_1_3_2_43_2","unstructured":"Swagger Fuzzer. Retrieved from https:\/\/github.com\/Lothiraldan\/swagger-fuzzer. Accessed August 28 2023."},{"key":"e_1_3_2_44_2","unstructured":"Swagger Schema Validator. Retrieved from https:\/\/github.com\/bjansen\/swagger-schema-validator. Accessed August 28 2023."},{"key":"e_1_3_2_45_2","unstructured":"Tcases for OpenAPI: From REST-ful to Test-ful. Retrieved from https:\/\/github.com\/Cornutum\/tcases\/tree\/master\/tcases-openapi. Accessed August 28 2023."},{"key":"e_1_3_2_46_2","unstructured":"TnT-Fuzzer. Retrieved from https:\/\/github.com\/Teebytes\/TnT-Fuzzer. Accessed August 28 2023."},{"key":"e_1_3_2_47_2","unstructured":"ZAP: OWASP Zed Attack Proxy. Retrieved from https:\/\/www.zaproxy.org\/. Accessed August 28 2023."},{"key":"e_1_3_2_48_2","unstructured":"Salt.security. 2021. API Security Trends. Retrieved from https:\/\/salt.security\/api-security-trends. Accessed August 28 2023."},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2009.52"},{"key":"e_1_3_2_50_2","first-page":"9","volume-title":"IEEE International Conference on Software Quality, Reliability and Security (QRS\u201917)","author":"Arcuri Andrea","year":"2017","unstructured":"Andrea Arcuri. 2017. RESTful API automated test case generation. In IEEE International Conference on Software Quality, Reliability and Security (QRS\u201917). IEEE, 9\u201320."},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9570-9"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2018.05.003"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/3293455"},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2020.3013820"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/3321707.3321732"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/3391533"},{"key":"e_1_3_2_57_2","first-page":"153","volume-title":"IEEE 13th International Conference on Software Testing, Validation and Verification (ICST\u201920)","author":"Arcuri Andrea","year":"2020","unstructured":"Andrea Arcuri and Juan P. Galeotti. 2020. Testability transformations for existing APIs. In IEEE 13th International Conference on Software Testing, Validation and Verification (ICST\u201920). IEEE, 153\u2013163."},{"key":"e_1_3_2_58_2","doi-asserted-by":"publisher","DOI":"10.1145\/3477271"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.21105\/joss.02153"},{"key":"e_1_3_2_60_2","article-title":"Pythia: Grammar-based fuzzing of rest APIs with coverage-guided feedback and learning-based mutations","author":"Atlidakis Vaggelis","year":"2020","unstructured":"Vaggelis Atlidakis, Roxana Geambasu, Patrice Godefroid, Marina Polishchuk, and Baishakhi Ray. 2020. Pythia: Grammar-based fuzzing of rest APIs with coverage-guided feedback and learning-based mutations. arXiv preprint arXiv:2005.11498 (2020).","journal-title":"arXiv preprint arXiv:2005.11498"},{"key":"e_1_3_2_61_2","first-page":"748","volume-title":"ACM\/IEEE International Conference on Software Engineering (ICSE\u201919)","author":"Atlidakis Vaggelis","year":"2019","unstructured":"Vaggelis Atlidakis, Patrice Godefroid, and Marina Polishchuk. 2019. RESTler: Stateful REST API fuzzing. In ACM\/IEEE International Conference on Software Engineering (ICSE\u201919). 748\u2013758."},{"key":"e_1_3_2_62_2","first-page":"387","volume-title":"IEEE International Conference on Software Testing, Verification and Validation (ICST\u201920)","author":"Atlidakis Vaggelis","year":"2020","unstructured":"Vaggelis Atlidakis, Patrice Godefroid, and Marina Polishchuk. 2020. Checking security properties of cloud service rest APIs. In IEEE International Conference on Software Testing, Verification and Validation (ICST\u201920). IEEE, 387\u2013397."},{"key":"e_1_3_2_63_2","article-title":"Tool demonstration: Testing JSON web services using JSONGEN","author":"Ballesteros Ignacio","year":"2018","unstructured":"Ignacio Ballesteros, Luis Eduardo Bueso de Barrio, Lars-Ake Fredlund, and Julio Marino. 2018. Tool demonstration: Testing JSON web services using JSONGEN. biblioteca.sistedes.es (2018). [Online; Available:] Retrieved from https:\/\/biblioteca.sistedes.es\/submissions\/descargas\/2018\/PROLE\/2018-PROLE-025.pdf. Accessed August 28, 2023.","journal-title":"biblioteca.sistedes.es"},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.3390\/s21165375"},{"key":"e_1_3_2_65_2","article-title":"Automatic detection of access control vulnerabilities via API specification processing","author":"Barabanov Alexander","year":"2022","unstructured":"Alexander Barabanov, Denis Dergunov, Denis Makrushin, and Aleksey Teplov. 2022. Automatic detection of access control vulnerabilities via API specification processing. arXiv preprint arXiv:2201.10833 (2022).","journal-title":"arXiv preprint arXiv:2201.10833"},{"key":"e_1_3_2_66_2","first-page":"2442","volume-title":"Genetic and Evolutionary Computation Conference (GECCO\u201903)","author":"Baresel A.","year":"2003","unstructured":"A. Baresel and H. Sthamer. 2003. Evolutionary testing of flag conditions. In Genetic and Evolutionary Computation Conference (GECCO\u201903). 2442\u20132454."},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510047"},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2372785"},{"key":"e_1_3_2_69_2","first-page":"33","volume-title":"13th ACM SIGPLAN Workshop on Erlang","author":"Earle Clara Benac","year":"2014","unstructured":"Clara Benac Earle, Lars-\u00c5ke Fredlund, \u00c1ngel Herranz, and Julio Mari\u00f1o. 2014. Jsongen: A QuickCheck based library for testing JSON web services. In 13th ACM SIGPLAN Workshop on Erlang. 33\u201341."},{"key":"e_1_3_2_70_2","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1145\/1982595.1982621","volume-title":"6th International Workshop on Automation of Software Test","author":"Besson Felipe M.","year":"2011","unstructured":"Felipe M. Besson, Pedro M. B. Leal, Fabio Kon, Alfredo Goldman, and Dejan Milojicic. 2011. Towards automated testing of web service choreographies. In 6th International Workshop on Automation of Software Test. 109\u2013110."},{"key":"e_1_3_2_71_2","first-page":"181","volume-title":"26th Asia-Pacific Software Engineering Conference (APSEC\u201919)","author":"Bhagya Thilini","year":"2019","unstructured":"Thilini Bhagya, Jens Dietrich, and Hans Guesgen. 2019. Generating mock skeletons for lightweight web-service testing. In 26th Asia-Pacific Software Engineering Conference (APSEC\u201919). IEEE, 181\u2013188."},{"issue":"3","key":"e_1_3_2_72_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3442694","article-title":"Software testing effort estimation and related problems: A systematic literature review","volume":"54","author":"Bluemke Ilona","year":"2021","unstructured":"Ilona Bluemke and Agnieszka Malanowska. 2021. Software testing effort estimation and related problems: A systematic literature review. ACM Comput. Surv. 54, 3 (2021), 1\u201338.","journal-title":"ACM Comput. Surv."},{"key":"e_1_3_2_73_2","first-page":"249","volume-title":"International Conference on Enterprise Information Systems (ICEIS\u201921)","author":"Bondel Gloria","year":"2021","unstructured":"Gloria Bondel, Josef Kamysek, Markus Kraft, and Florian Matthes. 2021. Design and implementation of a test tool for PSD2 compliant interfaces. In International Conference on Enterprise Information Systems (ICEIS\u201921). 249\u2013256."},{"key":"e_1_3_2_74_2","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1470"},{"key":"e_1_3_2_75_2","first-page":"533","volume-title":"International Conference on Web Engineering","author":"Bucaille Steven","year":"2020","unstructured":"Steven Bucaille, Javier Luis C\u00e1novas Izquierdo, Hamza Ed-Douibi, and Jordi Cabot. 2020. An OpenAPI-based testing framework to monitor non-functional properties of rest APIs. In International Conference on Web Engineering. Springer, 533\u2013537."},{"key":"e_1_3_2_76_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-95888-8_4"},{"key":"e_1_3_2_77_2","first-page":"302","volume-title":"Future Computing, Service Computation, Cognitive, Adaptive, Content, Patterns (COMPUTATIONWORLD\u201909)","author":"Chakrabarti Sujit Kumar","year":"2009","unstructured":"Sujit Kumar Chakrabarti and Prashant Kumar. 2009. Test-the-rest: An approach to testing restful web-services. In Future Computing, Service Computation, Cognitive, Adaptive, Content, Patterns (COMPUTATIONWORLD\u201909). IEEE, 302\u2013308."},{"key":"e_1_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1145\/1730874.1730902"},{"key":"e_1_3_2_79_2","first-page":"15","volume-title":"IEEE Secure Development Conference (SecDev\u201921)","author":"Cheh Carmen","year":"2021","unstructured":"Carmen Cheh and Binbin Chen. 2021. Analyzing OpenAPI specifications for security design issues. In IEEE Secure Development Conference (SecDev\u201921). IEEE, 15\u201322."},{"key":"e_1_3_2_80_2","article-title":"Metamorphic testing: A new approach for generating next test cases","author":"Chen Tsong Y.","year":"2020","unstructured":"Tsong Y. Chen, Shing C. Cheung, and Shiu Ming Yiu. 2020. Metamorphic testing: A new approach for generating next test cases. arXiv preprint arXiv:2002.12543 (2020).","journal-title":"arXiv preprint arXiv:2002.12543"},{"key":"e_1_3_2_81_2","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1007\/978-3-030-71500-7_3","volume-title":"International Conference on Fundamental Approaches to Software Engineering","author":"Chen Yixiong","year":"2021","unstructured":"Yixiong Chen, Yang Yang, Zhanyao Lei, Mingyuan Xia, and Zhengwei Qi. 2021. Bootstrapping automated testing for RESTful web services. In International Conference on Fundamental Approaches to Software Engineering. Springer, Cham, 46\u201366."},{"key":"e_1_3_2_82_2","first-page":"34","volume-title":"IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops\u201922)","author":"Cioroaica Emilia","year":"2022","unstructured":"Emilia Cioroaica, Said Daoudagh, and Eda Marchetti. 2022. Predictive simulation for building trust within service-based ecosystems. In IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops\u201922). IEEE, 34\u201337."},{"key":"e_1_3_2_83_2","article-title":"Automated black-box testing of mass assignment vulnerabilities in RESTful APIs","author":"Corradini Davide","year":"2023","unstructured":"Davide Corradini, Michele Pasqua, and Mariano Ceccato. 2023. Automated black-box testing of mass assignment vulnerabilities in RESTful APIs. arXiv preprint arXiv:2301.01261 (2023).","journal-title":"arXiv preprint arXiv:2301.01261"},{"key":"e_1_3_2_84_2","first-page":"226","volume-title":"IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM\u201921)","author":"Corradini Davide","year":"2021","unstructured":"Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato. 2021. Empirical comparison of black-box test case generation tools for RESTful APIs. In IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM\u201921). IEEE, 226\u2013236."},{"key":"e_1_3_2_85_2","first-page":"594","volume-title":"IEEE International Conference on Software Maintenance and Evolution (ICSME\u201921)","author":"Corradini Davide","year":"2021","unstructured":"Davide Corradini, Amedeo Zampieri, Michele Pasqua, and Mariano Ceccato. 2021. Restats: A test coverage tool for RESTful APIs. In IEEE International Conference on Software Maintenance and Evolution (ICSME\u201921). IEEE, 594\u2013598."},{"key":"e_1_3_2_86_2","doi-asserted-by":"crossref","first-page":"e1808","DOI":"10.1002\/stvr.1808","article-title":"Automated black-box testing of nominal and error scenarios in RESTful APIs","author":"Corradini Davide","year":"2022","unstructured":"Davide Corradini, Amedeo Zampieri, Michele Pasqua, Emanuele Viglianisi, Michael Dallago, and Mariano Ceccato. 2022. Automated black-box testing of nominal and error scenarios in RESTful APIs. Softw. Test., Verific. Reliab 32, 5 (2022), e1808.","journal-title":"Softw. Test., Verific. Reliab"},{"key":"e_1_3_2_87_2","doi-asserted-by":"publisher","DOI":"10.1109\/4236.991449"},{"key":"e_1_3_2_88_2","doi-asserted-by":"publisher","DOI":"10.1109\/4235.996017"},{"key":"e_1_3_2_89_2","doi-asserted-by":"publisher","DOI":"10.1016\/S0304-3975(01)00182-7"},{"key":"e_1_3_2_90_2","first-page":"181","volume-title":"IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC\u201918)","author":"Ed-douibi Hamza","year":"2018","unstructured":"Hamza Ed-douibi, Javier Luis C\u00e1novas Izquierdo, and Jordi Cabot. 2018. Automatic generation of test cases for REST APIs: A specification-based approach. In IEEE 22nd International Enterprise Distributed Object Computing Conference (EDOC\u201918). 181\u2013190."},{"key":"e_1_3_2_91_2","doi-asserted-by":"publisher","DOI":"10.3390\/app12094369"},{"key":"e_1_3_2_92_2","first-page":"22","volume-title":"2nd ACM-IEEE International Symposium on Empirical Software Engineering and Measurement","author":"Engstr\u00f6m Emelie","year":"2008","unstructured":"Emelie Engstr\u00f6m, Mats Skoglund, and Per Runeson. 2008. Empirical evaluations of regression test selection techniques: A systematic review. In 2nd ACM-IEEE International Symposium on Empirical Software Engineering and Measurement. 22\u201331."},{"key":"e_1_3_2_93_2","doi-asserted-by":"publisher","DOI":"10.1145\/2740908.2743045"},{"key":"e_1_3_2_94_2","doi-asserted-by":"crossref","unstructured":"Roy Fielding Jim Gettys Jeffrey Mogul Henrik Frystyk Larry Masinter Paul Leach and Tim Berners-Lee. 1999. Hypertext Transfer Protocol\u2013HTTP\/1.1. (1999). [Online; Available:] Retrieved from https:\/\/www.rfc-editor.org\/rfc\/rfc2616?data1=dwnsb4B&data2=abmurltv2b. Accessed August 28 2023.","DOI":"10.17487\/rfc2616"},{"key":"e_1_3_2_95_2","doi-asserted-by":"publisher","DOI":"10.5555\/932295"},{"key":"e_1_3_2_96_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2012.14"},{"key":"e_1_3_2_97_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09711-y"},{"key":"e_1_3_2_98_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2020.110570"},{"key":"e_1_3_2_99_2","first-page":"e2452","article-title":"ExVivoMicroTest: ExVivo testing of microservices","author":"Gazzola Luca","year":"2022","unstructured":"Luca Gazzola, Maayan Goldstein, Leonardo Mariani, Marco Mobilio, Itai Segall, Alessandro Tundo, and Luca Ussi. 2022. ExVivoMicroTest: ExVivo testing of microservices. J. Softw.: Evolut. Process 35, 4 (2022), e2452.","journal-title":"J. Softw.: Evolut. Process"},{"key":"e_1_3_2_100_2","doi-asserted-by":"publisher","DOI":"10.1145\/3363824"},{"key":"e_1_3_2_101_2","first-page":"725","volume-title":"ACM Symposium on the Foundations of Software Engineering (ESEC\/FSE\u201920)","author":"Godefroid Patrice","year":"2020","unstructured":"Patrice Godefroid, Bo-Yuan Huang, and Marina Polishchuk. 2020. Intelligent REST API data fuzzing. In ACM Symposium on the Foundations of Software Engineering (ESEC\/FSE\u201920). ACM, 725\u2013736."},{"key":"e_1_3_2_102_2","first-page":"312","volume-title":"29th ACM SIGSOFT International Symposium on Software Testing and Analysis","author":"Godefroid Patrice","year":"2020","unstructured":"Patrice Godefroid, Daniel Lehmann, and Marina Polishchuk. 2020. Differential regression testing for REST APIs. In 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. 312\u2013323."},{"key":"e_1_3_2_103_2","doi-asserted-by":"publisher","DOI":"10.5281\/zenodo.8018888"},{"key":"e_1_3_2_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2004.1265732"},{"key":"e_1_3_2_105_2","first-page":"345","volume-title":"IEEE\/ACM 44th International Conference on Software Engineering (ICSE\u201922)","author":"Hatfield-Dodds Zac","year":"2022","unstructured":"Zac Hatfield-Dodds and Dmitry Dygalo. 2022. Deriving semantics-aware fuzzers from web API schemas. In IEEE\/ACM 44th International Conference on Software Engineering (ICSE\u201922). IEEE, 345\u2013346."},{"key":"e_1_3_2_106_2","first-page":"190","volume-title":"International Electronics Symposium (IES\u201921)","author":"Idris Muhammad","year":"2021","unstructured":"Muhammad Idris, Iwan Syarif, and Idris Winarno. 2021. Development of vulnerable web application based on OWASP API security risks. In International Electronics Symposium (IES\u201921). IEEE, 190\u2013194."},{"key":"e_1_3_2_107_2","first-page":"1164","volume-title":"27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering","author":"Karlsson Stefan","year":"2019","unstructured":"Stefan Karlsson. 2019. Exploratory test agents for stateful software systems. In 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. 1164\u20131167."},{"key":"e_1_3_2_108_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICST46399.2020.00023"},{"key":"e_1_3_2_109_2","first-page":"1","volume-title":"12th European Conference on Software Architecture","author":"Katt Basel","year":"2018","unstructured":"Basel Katt and Nishu Prasher. 2018. Quantitative security assurance metrics: REST API case studies. In 12th European Conference on Software Architecture. 1\u20137."},{"key":"e_1_3_2_110_2","first-page":"272","volume-title":"IEEE 11th International Conference on Dependable Systems, Services and Technologies (DESSERT\u201920)","author":"Khortiuk Yaroslav","year":"2020","unstructured":"Yaroslav Khortiuk, Galyna Kondratenko, Ievgen Sidenko, and Yuriy Kondratenko. 2020. Increasing reliability of programming interfaces based on fuzz testing. In IEEE 11th International Conference on Dependable Systems, Services and Technologies (DESSERT\u201920). IEEE, 272\u2013277."},{"key":"e_1_3_2_111_2","article-title":"Automated test generation for REST APIs: No time to rest yet","author":"Kim Myeongsoo","year":"2022","unstructured":"Myeongsoo Kim, Qi Xin, Saurabh Sinha, and Alessandro Orso. 2022. Automated test generation for REST APIs: No time to rest yet. arXiv preprint arXiv:2204.08348 (2022).","journal-title":"arXiv preprint arXiv:2204.08348"},{"key":"e_1_3_2_112_2","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534401"},{"key":"e_1_3_2_113_2","first-page":"77","volume-title":"12th ACM SIGPLAN Workshop on Erlang","author":"Seijas Pablo Lamela","year":"2013","unstructured":"Pablo Lamela Seijas, Huiqing Li, and Simon Thompson. 2013. Towards property-based testing of RESTful web services. In 12th ACM SIGPLAN Workshop on Erlang. ACM, 77\u201378."},{"key":"e_1_3_2_114_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3056505"},{"issue":"4","key":"e_1_3_2_115_2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3448977","article-title":"A systematic review on software robustness assessment","volume":"54","author":"Laranjeiro Nuno","year":"2021","unstructured":"Nuno Laranjeiro, Jo\u00e3o Agnelo, and Jorge Bernardino. 2021. A systematic review on software robustness assessment. ACM Comput. Surv. 54, 4 (2021), 1\u201365.","journal-title":"ACM Comput. Surv."},{"key":"e_1_3_2_116_2","article-title":"foREST: A tree-based approach for fuzzing RESTful APIs","author":"Lin Jiaxian","year":"2022","unstructured":"Jiaxian Lin, Tianyu Li, Yang Chen, Guangsheng Wei, Jiadong Lin, Sen Zhang, and Hui Xu. 2022. foREST: A tree-based approach for fuzzing RESTful APIs. arXiv preprint arXiv:2203.02906 (2022).","journal-title":"arXiv preprint arXiv:2203.02906"},{"key":"e_1_3_2_117_2","first-page":"683","volume-title":"24th Asia-Pacific Software Engineering Conference (APSEC\u201917)","author":"Liu Jing","year":"2017","unstructured":"Jing Liu and Wenjie Chen. 2017. Optimized test data generation for RESTful web service. In 24th Asia-Pacific Software Engineering Conference (APSEC\u201917). IEEE, 683\u2013688."},{"key":"e_1_3_2_118_2","first-page":"688","volume-title":"International Conference on Collaborative Computing: Networking, Applications and Worksharing","author":"Liu Jing","year":"2018","unstructured":"Jing Liu, Zhen-Tian Liu, and Yu-Qiang Zhao. 2018. CPN model based standard feature verification method for REST service architecture. In International Conference on Collaborative Computing: Networking, Applications and Worksharing. Springer, 688\u2013707."},{"key":"e_1_3_2_119_2","article-title":"Morest: Model-based RESTful API testing with execution feedback","author":"Liu Yi","year":"2022","unstructured":"Yi Liu, Yuekang Li, Gelei Deng, Yang Liu, Ruiyuan Wan, Runchao Wu, Dandan Ji, Shiheng Xu, and Minli Bao. 2022. Morest: Model-based RESTful API testing with execution feedback. arXiv preprint arXiv:2204.12148 (2022).","journal-title":"arXiv preprint arXiv:2204.12148"},{"key":"e_1_3_2_120_2","volume-title":"ACM\/IEEE International Conference on Software Engineering (ICSE\u201922)","author":"Liu Yi","year":"2022","unstructured":"Yi Liu, Yuekang Li, Gelei Deng, Yang Liu, Ruiyuan Wan, Runchao Wu, Dandan Ji, Shiheng Xu, and Minli Bao. 2022. Morest: Model-based RESTful API testing with execution feedback. In ACM\/IEEE International Conference on Software Engineering (ICSE\u201922)."},{"key":"e_1_3_2_121_2","first-page":"138","volume-title":"International Conference on Algorithms and Architectures for Parallel Processing","author":"Luo Gang","year":"2019","unstructured":"Gang Luo, Xi Zheng, Huai Liu, Rongbin Xu, Dinesh Nagumothu, Ranjith Janapareddi, Er Zhuang, and Xiao Liu. 2019. Verification of microservices using metamorphic testing. In International Conference on Algorithms and Architectures for Parallel Processing. Springer, 138\u2013152."},{"key":"e_1_3_2_122_2","first-page":"377","volume-title":"IEEE Conference on Software Testing, Verification and Validation (ICST\u201922)","author":"Mahmood Riyadh","year":"2022","unstructured":"Riyadh Mahmood, Jay Pennington, Danny Tsang, Tan Tran, and Andrea Bogle. 2022. A framework for automated API fuzzing at enterprise scale. In IEEE Conference on Software Testing, Verification and Validation (ICST\u201922). IEEE, 377\u2013388."},{"key":"e_1_3_2_123_2","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/978-981-16-8987-1_38","volume-title":"Innovations in Computer Science and Engineering","author":"Manikantan Vishnu","year":"2022","unstructured":"Vishnu Manikantan, Neeraj Menon, V. S. Vishnupriyan, Ansamma John, and N. K. Anantha Padmanabhan. 2022. Software tool to perform metamorphic testing on RESTful web APIs. In Innovations in Computer Science and Engineering. Springer, 355\u2013362."},{"key":"e_1_3_2_124_2","doi-asserted-by":"publisher","DOI":"10.1145\/3491038"},{"key":"e_1_3_2_125_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377812.3381388"},{"key":"e_1_3_2_126_2","volume-title":"ACM SRC Grand Finals","author":"Martin-Lopez Alberto","year":"2021","unstructured":"Alberto Martin-Lopez. 2021. ICSE: G: Automated management of inter-parameter dependencies in web APIs. In ACM SRC Grand Finals."},{"key":"e_1_3_2_127_2","first-page":"231","volume-title":"IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE\u201921)","author":"Martin-Lopez Alberto","year":"2021","unstructured":"Alberto Martin-Lopez, Andrea Arcuri, Sergio Segura, and Antonio Ruiz-Cort\u00e9s. 2021. Black-box and white-box test case generation for RESTful APIs: Enemies or allies? In IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE\u201921). IEEE, 231\u2013241."},{"key":"e_1_3_2_128_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2021.3050610"},{"key":"e_1_3_2_129_2","doi-asserted-by":"crossref","first-page":"399","DOI":"10.1007\/978-3-030-33702-5_31","volume-title":"International Conference on Service-oriented Computing","author":"Martin-Lopez Alberto","year":"2019","unstructured":"Alberto Martin-Lopez, Sergio Segura, and Antonio Ruiz-Cort\u00e9s. 2019. A catalogue of inter-parameter dependencies in RESTful web APIs. In International Conference on Service-oriented Computing. Springer, 399\u2013414."},{"key":"e_1_3_2_130_2","first-page":"15","volume-title":"10th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation","author":"Martin-Lopez Alberto","year":"2019","unstructured":"Alberto Martin-Lopez, Sergio Segura, and Antonio Ruiz-Cort\u00e9s. 2019. Test coverage criteria for RESTful web APIs. In 10th ACM SIGSOFT International Workshop on Automating TEST Case Design, Selection, and Evaluation. 15\u201321."},{"key":"e_1_3_2_131_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-65310-1_33"},{"key":"e_1_3_2_132_2","first-page":"682","volume-title":"ACM International Symposium on Software Testing and Analysis (ISSTA\u201921)","author":"Martin-Lopez Alberto","year":"2021","unstructured":"Alberto Martin-Lopez, Sergio Segura, and Antonio Ruiz-Cort\u00e9s. 2021. RESTest: Automated black-box testing of RESTful web APIs. In ACM International Symposium on Software Testing and Analysis (ISSTA\u201921). ACM, 682\u2013685."},{"key":"e_1_3_2_133_2","doi-asserted-by":"publisher","DOI":"10.1145\/3487043"},{"key":"e_1_3_2_134_2","first-page":"1","volume-title":"IEEE International Symposium on Technologies for Homeland Security (HST\u201915)","author":"Masood Adnan","year":"2015","unstructured":"Adnan Masood and Jim Java. 2015. Static analysis for web service security\u2014Tools & techniques for a secure development life cycle. In IEEE International Symposium on Technologies for Homeland Security (HST\u201915). IEEE, 1\u20136."},{"key":"e_1_3_2_135_2","first-page":"9","volume-title":"IEEE\/ACM 3rd International Workshop on Deep Learning for Testing and Testing for Deep Learning (DeepTest\u201921)","author":"Mirabella A. Giuliano","year":"2021","unstructured":"A. Giuliano Mirabella, Alberto Martin-Lopez, Sergio Segura, Luis Valencia-Cabrera, and Antonio Ruiz-Cort\u00e9s. 2021. Deep learning-based prediction of test input validity for RESTful APIs. In IEEE\/ACM 3rd International Workshop on Deep Learning for Testing and Testing for Deep Learning (DeepTest\u201921). IEEE, 9\u201316."},{"key":"e_1_3_2_136_2","first-page":"127","volume-title":"14th International Conference on Quality Software","author":"Mostafa Shaikh","year":"2014","unstructured":"Shaikh Mostafa and Xiaoyin Wang. 2014. An empirical study on the usage of mocking frameworks in software testing. In 14th International Conference on Quality Software. IEEE, 127\u2013132."},{"issue":"2","key":"e_1_3_2_137_2","doi-asserted-by":"crossref","first-page":"6","DOI":"10.5296\/npa.v6i2.5360","article-title":"REST service testing based on inferred XML schemas","volume":"6","author":"Baltasar Alvaro Navas","year":"2014","unstructured":"Alvaro Navas Baltasar, Pedro Capelastegui de la Concha, Francisco Huertas Ferrer, Pablo Alonso Rodr\u00edguez, and Juan Carlos Due\u00f1as Lopez. 2014. REST service testing based on inferred XML schemas. Netw. Protoc. Algor. 6, 2 (2014), 6\u201321.","journal-title":"Netw. Protoc. Algor."},{"key":"e_1_3_2_138_2","article-title":"An analysis of public REST web service APIs","author":"Neumann Andy","year":"2018","unstructured":"Andy Neumann, Nuno Laranjeiro, and Jorge Bernardino. 2018. An analysis of public REST web service APIs. IEEE Trans. Serv. Comput. 14, 4 (2018).","journal-title":"IEEE Trans. Serv. Comput."},{"key":"e_1_3_2_139_2","doi-asserted-by":"publisher","DOI":"10.5555\/2904388"},{"key":"e_1_3_2_140_2","unstructured":"Samuel Oloruntoba. 2021. SOLID: The First 5 Principles of Object Oriented Design. Retrieved from https:\/\/www.digitalocean.com\/community\/conceptual_articles\/s-o-l-i-d-the-first-five-principles-of-object-oriented-design"},{"key":"e_1_3_2_141_2","volume-title":"44th International Conference on Software Engineering Companion","author":"Olsthoorn Mitchell","year":"2022","unstructured":"Mitchell Olsthoorn. 2022. More effective test case generation with multiple tribes of AI. In 44th International Conference on Software Engineering Companion."},{"issue":"2","key":"e_1_3_2_142_2","first-page":"1","article-title":"Test case selection and prioritization using machine learning: A systematic literature review","volume":"27","author":"Pan Rongqi","year":"2022","unstructured":"Rongqi Pan, Mojtaba Bagherzadeh, Taher A. Ghaleb, and Lionel Briand. 2022. Test case selection and prioritization using machine learning: A systematic literature review. Empir. Softw. Eng. 27, 2 (2022), 1\u201343.","journal-title":"Empir. Softw. Eng."},{"key":"e_1_3_2_143_2","doi-asserted-by":"publisher","DOI":"10.1145\/3476105"},{"key":"e_1_3_2_144_2","volume-title":"Brazilian Workshop on Systematic and Automated Software Testing","author":"Pinheiro Pedro Victor Pontes","year":"2013","unstructured":"Pedro Victor Pontes Pinheiro, Andre Takeshi Endo, and Adenilso Simao. 2013. Model-based testing of RESTful web services using UML protocol state machines. In Brazilian Workshop on Systematic and Automated Software Testing."},{"key":"e_1_3_2_145_2","volume-title":"Spring Microservices","author":"Rajesh R. V.","year":"2016","unstructured":"R. V. Rajesh. 2016. Spring Microservices. Packt Publishing Ltd."},{"key":"e_1_3_2_146_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2021.107246"},{"key":"e_1_3_2_147_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2532875"},{"key":"e_1_3_2_148_2","article-title":"Metamorphic testing of RESTful web APIs","author":"Segura Sergio","year":"2017","unstructured":"Sergio Segura, Jos\u00e9 A. Parejo, Javier Troya, and Antonio Ruiz-Cort\u00e9s. 2017. Metamorphic testing of RESTful web APIs. IEEE Trans. Softw. Eng. 44, 11 (2017).","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_2_149_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2016.01.017"},{"key":"e_1_3_2_150_2","doi-asserted-by":"crossref","first-page":"237","DOI":"10.1007\/978-981-15-0146-3_24","volume-title":"Inventive Communication and Computational Technologies","author":"Soni Anshu","year":"2020","unstructured":"Anshu Soni, Virender Ranga, and Sandeep Jadhav. 2020. MockRest\u2014A generic approach for automated mock framework for REST APIs generation. In Inventive Communication and Computational Technologies. Springer, 237\u2013255."},{"key":"e_1_3_2_151_2","first-page":"1116","volume-title":"IEEE 31st International Conference on Advanced Information Networking and Applications (AINA\u201917)","author":"Sotiriadis Stelios","year":"2017","unstructured":"Stelios Sotiriadis, Andrus Lehmets, Euripides G. M. Petrakis, and Nik Bessis. 2017. Unit and integration testing of modular cloud services. In IEEE 31st International Conference on Advanced Information Networking and Applications (AINA\u201917). IEEE, 1116\u20131123."},{"key":"e_1_3_2_152_2","doi-asserted-by":"crossref","first-page":"819","DOI":"10.1007\/978-3-319-54978-1_101","volume-title":"Information Technology\u2014New Generations","author":"Sotiriadis Stelios","year":"2018","unstructured":"Stelios Sotiriadis, Andrus Lehmets, Euripides G. M. Petrakis, and Nik Bessis. 2018. Testing cloud services using the TestCast tool. In Information Technology\u2014New Generations. Springer, 819\u2013824."},{"key":"e_1_3_2_153_2","article-title":"Improving test case generation for REST APIs through hierarchical clustering","author":"Stallenberg Dimitri","year":"2021","unstructured":"Dimitri Stallenberg, Mitchell Olsthoorn, and Annibale Panichella. 2021. Improving test case generation for REST APIs through hierarchical clustering. arXiv preprint arXiv:2109.06655 (2021).","journal-title":"arXiv preprint arXiv:2109.06655"},{"key":"e_1_3_2_154_2","volume-title":"Fuzzing: Brute Force Vulnerability Discovery","author":"Sutton Michael","year":"2007","unstructured":"Michael Sutton, Adam Greene, and Pedram Amini. 2007. Fuzzing: Brute Force Vulnerability Discovery. Pearson Education."},{"key":"e_1_3_2_155_2","first-page":"131","volume-title":"IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW\u201919)","author":"Takeda Tomohiro","year":"2019","unstructured":"Tomohiro Takeda, Masakazu Takahashi, Tsuyoshi Yumoto, Satoshi Masuda, Tohru Matsuodani, and Kazuhiko Tsuda. 2019. Applying change impact analysis test to migration test case extraction based on IDAU and graph analysis techniques. In IEEE International Conference on Software Testing, Verification and Validation Workshops (ICSTW\u201919). IEEE, 131\u2013139."},{"key":"e_1_3_2_156_2","first-page":"291","volume-title":"IEEE 21st International Conference on Software Quality, Reliability and Security (QRS\u201921)","author":"Tsai Chung-Hsuan","year":"2021","unstructured":"Chung-Hsuan Tsai, Shi-Chun Tsai, and Shih-Kun Huang. 2021. REST API fuzzing by coverage level guided blackbox testing. In IEEE 21st International Conference on Software Quality, Reliability and Security (QRS\u201921). IEEE, 291\u2013300."},{"key":"e_1_3_2_157_2","article-title":"ARTE: Automated generation of realistic test inputs for web APIs","author":"Valenzuela Juan Carlos Alonso","year":"2022","unstructured":"Juan Carlos Alonso Valenzuela, Alberto Martin-Lopez, Sergio Segura, Jose Maria Garcia, and Antonio Ruiz-Cortes. 2022. ARTE: Automated generation of realistic test inputs for web APIs. IEEE Trans. Softw. Eng. 49, 1 (2022).","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_2_158_2","first-page":"498","volume-title":"IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C\u201920)","author":"Vassiliou-Gioles Theofanis","year":"2020","unstructured":"Theofanis Vassiliou-Gioles. 2020. A simple, lightweight framework for testing RESTful services with TTCN-3. In IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C\u201920). IEEE, 498\u2013505."},{"key":"e_1_3_2_159_2","first-page":"01","volume-title":"IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C\u201921)","author":"Vassiliou-Gioles Theofanis","year":"2021","unstructured":"Theofanis Vassiliou-Gioles. 2021. Quality assurance of micro-services-when to trust your micro-service test results? In IEEE 21st International Conference on Software Quality, Reliability and Security Companion (QRS-C\u201921). IEEE, 01\u201306."},{"key":"e_1_3_2_160_2","doi-asserted-by":"crossref","first-page":"189","DOI":"10.1007\/978-3-031-04673-5_15","volume-title":"IFIP International Conference on Testing Software and Systems","author":"Vassiliou-Gioles Theofanis","year":"2022","unstructured":"Theofanis Vassiliou-Gioles. 2022. Solving the instance identification problem in micro-service testing. In IFIP International Conference on Testing Software and Systems. Springer, 189\u2013195."},{"key":"e_1_3_2_161_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICST46399.2020.00024"},{"key":"e_1_3_2_162_2","first-page":"404","volume-title":"International Conference on Web Information Systems and Technologies (WEBIST\u201918)","author":"Vu Henry","year":"2018","unstructured":"Henry Vu, Tobias Fertig, and Peter Braun. 2018. Automation of integration testing of RESTful hypermedia systems: A model-driven approach. In International Conference on Web Information Systems and Technologies (WEBIST\u201918). 404\u2013411."},{"key":"e_1_3_2_163_2","first-page":"1881","volume-title":"the Web Conference","author":"Vu Henry","year":"2018","unstructured":"Henry Vu, Tobias Fertig, and Peter Braun. 2018. Verification of hypermedia characteristic of restful finite-state machines. In the Web Conference. 1881\u20131886."},{"issue":"4","key":"e_1_3_2_164_2","doi-asserted-by":"crossref","first-page":"301","DOI":"10.13052\/jwe1540-9589.18465","article-title":"Model-driven integration testing of hypermedia systems","volume":"18","author":"Vu Henry","year":"2019","unstructured":"Henry Vu, Tobias Fertig, and Peter Braun. 2019. Model-driven integration testing of hypermedia systems. J. Web Eng. 18, 4 (2019), 301\u2013480.","journal-title":"J. Web Eng."},{"key":"e_1_3_2_165_2","first-page":"133","volume-title":"IEEE 3rd International Conference on Big Data Security on Cloud (BIGDATASECURITY), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS)","author":"Wenhui Hu","year":"2017","unstructured":"Hu Wenhui, Huang Yu, Liu Xueyang, and Xu Chen. 2017. Study on REST API test model supporting web service integration. In IEEE 3rd International Conference on Big Data Security on Cloud (BIGDATASECURITY), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS). IEEE, 133\u2013138."},{"issue":"6","key":"e_1_3_2_166_2","doi-asserted-by":"crossref","first-page":"676","DOI":"10.22201\/icat.24486736e.2021.19.6.924","article-title":"REST API composition for effectively testing the cloud","volume":"19","author":"Wolde Behailu Getachew","year":"2021","unstructured":"Behailu Getachew Wolde and Abiot Sinamo Boltana. 2021. REST API composition for effectively testing the cloud. J. Appl. Res. Technol. 19, 6 (2021), 676\u2013693.","journal-title":"J. Appl. Res. Technol."},{"key":"e_1_3_2_167_2","volume-title":"ACM\/IEEE International Conference on Software Engineering (ICSE\u201922)","author":"Wu Huayao","year":"2022","unstructured":"Huayao Wu, Lixin Xu, Xintao Niu, and Changhai Nie. 2022. Combinatorial testing of RESTful APIs. In ACM\/IEEE International Conference on Software Engineering (ICSE\u201922)."},{"key":"e_1_3_2_168_2","first-page":"734","volume-title":"IEEE International Conference on Web Services (ICWS\u201921)","author":"Yamamoto Koji","year":"2021","unstructured":"Koji Yamamoto. 2021. Efficient penetration of API sequences to test stateful RESTful services. In IEEE International Conference on Web Services (ICWS\u201921). IEEE, 734\u2013740."},{"key":"e_1_3_2_169_2","first-page":"342","volume-title":"International Conference on Software Engineering and Knowledge Engineering (SEKE\u201920)","author":"Yamamoto Koji","year":"2020","unstructured":"Koji Yamamoto, Takao Nakagawa, Shogo Tokui, and Kazuki Munakata. 2020. Call sequence list distiller for practical stateful API testing. In International Conference on Software Engineering and Knowledge Engineering (SEKE\u201920). 342\u2013346."},{"key":"e_1_3_2_170_2","volume-title":"Network and Distributed Systems Security (NDSS\u201922) Symposium","author":"Zha Mingming","year":"2022","unstructured":"Mingming Zha. 2022. Hazard integrated: Understanding security risks in app extensions to team chat systems. In Network and Distributed Systems Security (NDSS\u201922) Symposium."},{"key":"e_1_3_2_171_2","first-page":"548","volume-title":"13th International Conference on Computational Intelligence and Security (CIS\u201917)","author":"Zhang Bin","year":"2017","unstructured":"Bin Zhang, Jiaxi Ye, Chao Feng, and Chaojing Tang. 2017. S2F: Discover hard-to-reach vulnerabilities by semi-symbolic fuzz testing. In 13th International Conference on Computational Intelligence and Security (CIS\u201917). IEEE, 548\u2013552."},{"issue":"1","key":"e_1_3_2_172_2","article-title":"Adaptive hypermutation for search-based system test generation: A study on REST APIs with EvoMaster","volume":"31","author":"Zhang Man","year":"2021","unstructured":"Man Zhang and Andrea Arcuri. 2021. Adaptive hypermutation for search-based system test generation: A study on REST APIs with EvoMaster. ACM Trans. Softw. Eng. Methodol. 31, 1 (2021).","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"e_1_3_2_173_2","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1007\/978-3-030-88106-1_8","volume-title":"International Symposium on Search-based Software Engineering","author":"Zhang Man","year":"2021","unstructured":"Man Zhang and Andrea Arcuri. 2021. Enhancing resource-based test case generation for RESTful APIs with SQL handling. In International Symposium on Search-based Software Engineering. Springer, 103\u2013117."},{"key":"e_1_3_2_174_2","article-title":"Open problems in fuzzing RESTful APIs: A comparison of tools","author":"Zhang Man","year":"2022","unstructured":"Man Zhang and Andrea Arcuri. 2022. Open problems in fuzzing RESTful APIs: A comparison of tools. arXiv preprint arXiv:2205.05325 (2022).","journal-title":"arXiv preprint arXiv:2205.05325"},{"key":"e_1_3_2_175_2","doi-asserted-by":"publisher","DOI":"10.1145\/3597205"},{"key":"e_1_3_2_176_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICST53961.2022.00022"},{"key":"e_1_3_2_177_2","doi-asserted-by":"crossref","first-page":"1426","DOI":"10.1145\/3321707.3321815","volume-title":"Genetic and Evolutionary Computation Conference","author":"Zhang Man","year":"2019","unstructured":"Man Zhang, Bogdan Marculescu, and Andrea Arcuri. 2019. Resource-based test case generation for RESTful web services. In Genetic and Evolutionary Computation Conference. 1426\u20131434."},{"key":"e_1_3_2_178_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-020-09937-1"},{"key":"e_1_3_2_179_2","first-page":"1","volume-title":"4th International Symposium on Computer Science and Intelligent Control","author":"Zhao Chunhui","year":"2020","unstructured":"Chunhui Zhao, Zhili Wang, and Xiao Zhang. 2020. Semantic-oriented automatic generation method of REST interface test cases. In 4th International Symposium on Computer Science and Intelligent Control. 1\u20136."}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617175","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3617175","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:07Z","timestamp":1750178167000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3617175"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,24]]},"references-count":178,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,1,31]]}},"alternative-id":["10.1145\/3617175"],"URL":"https:\/\/doi.org\/10.1145\/3617175","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,11,24]]},"assertion":[{"value":"2022-12-30","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-07-24","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-11-24","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}