Fuzzing to improve the security and reliability of cloud services with RESTler

In the past few years, cloud services have experienced tremendous growth. Most of these services are programmatically accessed through REST APIs. As the pace of development increases, both the APIs and service implementations are evolving rapidly. There is an urgent need for automated tools to test the reliability and security of cloud services that can keep up with today’s fast-paced service development and deployment—tools that provide the necessary level of automation and coverage for the growing number of APIs being deployed across the web.

In this webinar, join Marina Polishchuk, a Software Engineer at Microsoft Research, in exploring how RESTler—the first stateful REST API fuzzer—can help efficiently find security and reliability bugs in cloud services. RESTler analyzes a Swagger/OpenAPI specification and produces a fuzzing grammar that contains information about requests and their dependencies. RESTler only fuzzes a request if all its dependent resources have been successfully created—this enables RESTler to achieve deeper coverage out of the box. RESTler also offers a pluggable model for checking security properties. RESTler is open source and available at its GitHub repository.

Together, you’ll explore:

How to use RESTler to fuzz a cloud service
The types of bugs that can be discovered through the REST API and their security impact
How RESTler addresses the challenges of testing large, complex services through their REST APIs

Resource list: