Augmenting API Security Testing with Automated LLM-Driven Test Generation

Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei

Abstract. API security testing is an essential step in modern software development, but manually crafting comprehensive test suites for security vulnerabilities is time-consuming and prone to human bias. This paper proposes a framework that augments API security testing with Large Language Model (LLM) driven automated test generation. The approach leverages LLMs to interpret OpenAPI specifications and produce contextually relevant security test cases that target common vulnerability classes (injection, broken object level authorization, mass assignment, etc.). The generated tests are integrated with established API testing pipelines to provide continuous and reproducible security validation. Initial experimental results indicate that the LLM-driven generation expands the coverage of security tests beyond what is typically achievable with rule-based or human-written test suites.

Keywords: API security; large language models; automated test generation; OWASP API Top 10; software testing

Cite this publication:

Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei, "Augmenting API Security Testing with Automated LLM-Driven Test Generation", Proc. 17th Int. Conf. on Computational Intelligence in Security for Information Systems (CISIS 2024), 2024, 2023.


Reference: Proc. 17th Int. Conf. on Computational Intelligence in Security for Information Systems (CISIS 2024), 2024.
