ISSTA2025

Trailblazer: Practical End-to-end Web API Fuzzing (Registered Report)

Lianglu Pan, Shaanan Cohney, Toby Murray, Van-Thuan Pham

Abstract

There are two key challenges in automatically testing web APIs: (a) determining where to send API requests and (b) identifying how to make a valid payload for a given request. Both challenges are sometimes addressed by the presence of a machine-parseable API specification (such as an OpenAPI specification). However, most web applications lack such a specification, making automatic testing hard.