WebFuzzing / EvoMaster

The first open-source AI-driven tool for automatically generating system-level test cases (also known as fuzzing) for web/enterprise applications. Currently targeting whitebox and blackbox testing of Web APIs, like REST, GraphQL and RPC (e.g., gRPC and Thrift).
GNU Lesser General Public License v3.0

What are the types of faults that can be detected with this tool? #711

Open BigMasterGithub opened 1 year ago

BigMasterGithub commented 1 year ago

Hello, what problems can this tool find in the API? Can we find security problems in the API through the generated test cases? For example, SQL injection, identity authentication, etc.? I learned from your document that the function is to generate some test cases for each API. These test cases have a return status code 500 and some 4xx examples. Can you find other security problems? Thanks!

arcuri82 commented 1 year ago

Hi, thanks for your interest in EM. Currently, EM finds issues related to 500 status codes and schema mismatches. We do not handle any security issue, although it is a work in progress.