LLM-Driven, Self-Improving Framework for Security Test Automation: Leveraging Karate DSL for Augmented API Resilience

Publications

LLM-Driven, Self-Improving Framework for Security Test Automation: Leveraging Karate DSL for Augmented API Resilience

LLM-Driven, Self-Improving Framework for Security Test Automation: Leveraging Karate DSL for Augmented API Resilience
Emil Marian Pasca, Daniela Delinschi, Rudolf Erdei, Oliviu Matei

Abstract. This paper introduces Karate-BOLA-Guard, an LLM-driven, self-improving framework for security test automation that leverages the Karate DSL to enhance API resilience. The framework combines Large Language Models with Retrieval-Augmented Generation (RAG) techniques to automatically synthesize security-focused test cases, with particular emphasis on Broken Object Level Authorization (BOLA) and related authorization issues. A feedback loop allows the system to refine the generated tests based on past execution results, vulnerability reports and updated API specifications. Experimental results on representative APIs demonstrate that the framework substantially increases security test coverage and detection rates while reducing manual effort, contributing to more resilient and continuously protected APIs.

Keywords: API security; LLM; Karate DSL; BOLA; self-improving frameworks; security test automation

📋 Cite this publication



Emil Marian Pasca, Daniela Delinschi, Rudolf Erdei, Oliviu Matei, "LLM-Driven, Self-Improving Framework for Security Test Automation: Leveraging Karate DSL for Augmented API Resilience", IEEE Access, vol. 13, 2025, 2023. DOI: https://doi.org/10.1109/ACCESS.2025.3554960.


Reference: IEEE Access, vol. 13, 2025. DOI: 10.1109/ACCESS.2025.3554960

Other publications

0 Comments