Augmenting API Security Testing with Automated LLM-Driven Test Generation
Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei

Abstract. API security testing is an essential step in modern software development, but manually crafting comprehensive test suites for security vulnerabilities is time-consuming and prone to human bias. This paper proposes a framework that augments API security testing with Large Language Model (LLM) driven automated test generation. The approach leverages LLMs to interpret OpenAPI specifications and produce contextually relevant security test cases that target common vulnerability classes (injection, broken object level authorization, mass assignment, etc.). The generated tests are integrated with established API testing pipelines to provide continuous and reproducible security validation. Initial experimental results indicate that the LLM-driven generation expands the coverage of security tests beyond what is typically achievable with rule-based or human-written test suites.

Keywords: API security; large language models; automated test generation; OWASP API Top 10; software testing

Emil Marian Pasca, Rudolf Erdei, Daniela Delinschi, Oliviu Matei, "Augmenting API Security Testing with Automated LLM-Driven Test Generation", Proc. 17th Int. Conf. on Computational Intelligence in Security for Information Systems (CISIS 2024), 2024, 2023.

Reference: Proc. 17th Int. Conf. on Computational Intelligence in Security for Information Systems (CISIS 2024), 2024.

Other publications