REST-ler: Automatic Intelligent REST API Fuzzing

Look at what this thing does:

  • Reads Swagger specs

  • Builds test cases in a generational fashion

  • Encodes grammar in executable code

  • Distinguishes patterns

  • Recognizes stuff like IDs automatically

  • Builds exec path analysis and does feedback-driven fuzzing

That thing scales, basically runs itself, and can be dropped into any CI/CD system trivially. You can check for spec change vs. execution change. That’s insane.

Looks like they looked at the stuff that was available on the market and decided to make their own. That thing has market value up the wazoo; you’re not going to see a public release anytime soon, sadly.
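
A simplified sketch of the ideas in the list above, added here as an illustration and not REST-ler's own code: it reads a constructed Swagger fragment, infers which requests produce the IDs that other requests consume, and grows request sequences one generation at a time, using the response status as feedback. The spec, the `mock_service` stand-in and all function names are assumptions made for the example.

```python
import re

# Constructed Swagger 2.0 fragment for a hypothetical blog service.
SPEC = {"paths": {
    "/posts": {"post": {"responses": {"201": {"schema": {"properties": {"id": {}}}}}}},
    "/posts/{id}": {"get": {"responses": {"200": {}}},
                    "delete": {"responses": {"204": {}}}},
}}

def request_types(spec):
    """Return {request: (consumes, produces)} inferred from the spec alone."""
    types = {}
    for path, ops in spec["paths"].items():
        for method, op in ops.items():
            consumes = set(re.findall(r"\{(\w+)\}", path))  # path parameters
            produces = set()
            for resp in op["responses"].values():
                produces |= set(resp.get("schema", {}).get("properties", {}))
            types[f"{method.upper()} {path}"] = (consumes, produces)
    return types

def extend(sequences, types):
    """One generation: append each request whose inputs earlier requests produce."""
    out = []
    for seq in sequences:
        available = set().union(*(types[r][1] for r in seq))
        out += [seq + [r] for r, (needs, _) in types.items() if needs <= available]
    return out

def mock_service(seq):
    """Constructed stand-in for the service; tracks only the newest post."""
    live, status = False, 0
    for req in seq:
        if req == "POST /posts":
            live, status = True, 201
        elif not live:
            status = 404
        else:
            live, status = (False, 204) if req.startswith("DELETE") else (True, 200)
    return status

def fuzz(spec, generations):
    """Grow sequences per generation, keeping only those the service accepted."""
    types, seqs = request_types(spec), [[]]
    for _ in range(generations):
        # Feedback: a sequence whose last request failed is not extended further.
        seqs = [s for s in extend(seqs, types) if 200 <= mock_service(s) < 300]
    return seqs
```

In generation one only `POST /posts` is possible, because nothing has produced an `id` yet; by generation three the sequences that read or delete an already deleted post have been pruned by the 404 feedback.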
