FUZZ TESTING OF DJANGO REST API
DOI:
https://doi.org/10.24867/26BE27Majstorovic
Keywords:
Event logging, system testing, vulnerability remediation
Abstract
This paper presents fuzz testing of the Django REST API on an application that represents a social website for mutual communication and content sharing. It describes the entire architecture of the testing system for the Django application, which consists of the OWASP ZAP tool, which supports fuzz testing, and the Elastic Stack (Filebeat, Elasticsearch and Kibana), a collection of three different projects intended for the analysis of test results. The configuration of all the tools, the platform and the framework necessary for fuzz testing the Django application is described in detail. Fuzz tests of the Django application were then performed, and the test results were analyzed.
Published
2024-03-04
Section
Electrotechnical and Computer Engineering