From 7038983b4bf95b1b035735b56fb13afc862832c1 Mon Sep 17 00:00:00 2001 From: Rafael Oliveira Date: Fri, 11 Oct 2024 11:27:47 +0200 Subject: [PATCH] switch CATS for Schemathesis Co-authored-by: Sofia Edvardsson --- .../rmfseo-sofiaedv/README.md | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/contributions/executable-tutorial/rmfseo-sofiaedv/README.md b/contributions/executable-tutorial/rmfseo-sofiaedv/README.md index 50c15c103..b4c857ea1 100644 --- a/contributions/executable-tutorial/rmfseo-sofiaedv/README.md +++ b/contributions/executable-tutorial/rmfseo-sofiaedv/README.md @@ -2,7 +2,7 @@ ## Title -REST API Fuzzing using CATS +REST API Fuzzing using Schemathesis ## Names and KTH ID @@ -29,14 +29,13 @@ that in a systematic fashion. Thus, we propose creating an executable tutorial that can pedagogically introduce developers unacquainted with these techniques to a specific workflow that they might use later in their professional lives. In particular, we wish to -introduce learners to the [CATS](https://endava.github.io/cats) tool (Contract -API Testing and Security), which allows for automated fuzzing of REST APIs based -on an OpenAPI contract document. +introduce learners to the [Schemathesis](https://schemathesis.io) tool, which +allows for automated fuzzing of REST APIs based on an OpenAPI contract document. We will include a simple sample project with non-obvious logic errors, guide the -user to run CATS and explore the potential vulnerabilities it detects, as well -as show them how to use the information reported to easily fix or mitigate the -problems in question. +user to run Schemathesis and explore the potential vulnerabilities it detects, +as well as show them how to use the information reported to easily fix or +mitigate the problems in question. **Relevance** 
@@ -44,6 +43,6 @@ Automated fuzzing, especially in this particular context of REST APIs, is at the heart of automated testing, which we have discussed in week 2 of this course and is essential to allow for effective Continuous Integration without compromising robustness. Our proposed tutorial hopes to demonstrate how to use a tool like -CATS as a key component in a testing pipeline to complement human-written and -human-driven tests to ensure all stakeholders have confidence in the system's -continuous reliability. +Schemathesis as a key component in a testing pipeline to complement +human-written and human-driven tests to ensure all stakeholders have confidence +in the system's continuous reliability.
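Review bot: In the hunk at @@ -29,14 +29,13 @@, the rewritten paragraph says the sample project contains "non-obvious logic errors" but then promises to "explore the potential vulnerabilities it detects". These are different classes of finding, and the reader cannot tell which one the tutorial will demonstrate. Suggest naming the kinds of problem the tutorial expects Schemathesis to report against the OpenAPI contract document, and using one term for them throughout. The removed line also glossed the old tool's name in parentheses, while the new sentence gives only the link. A short clause saying what kind of tool Schemathesis is would keep the paragraph self-explanatory.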
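Review bot: In the hunk at @@ -44,6 +43,6 @@, the Relevance paragraph presents Schemathesis as "a key component in a testing pipeline" in support of Continuous Integration, but the description earlier in this patch only commits to guiding the user to run the tool and act on its report. Suggest either adding a sentence saying the tutorial will show the tool running as a pipeline step, or narrowing the claim to what the tutorial covers. Separately, the commit subject "switch CATS for Schemathesis" gives no reason for the swap. One line of rationale in the commit body would help later readers of the history.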