The microservice software architecture has gained popularity due to its scalability and efficiency compared to monolithic designs. However, the adoption of microservices also introduces unique security concerns. To address these issues, we propose Microusity, a tool specifically designed for testing RESTful APIs in a microservice pattern called back end for front end (BFF). Microusity utilizes a novel approach to trace BFF requests by mapping the port connections between BFF requests and the sub-requests sent to back-end microservices. This allows developers to pinpoint which specific back-end service is causing internal server errors, which could potentially lead to unhandled errors or vulnerabilities. The tool provides an error report that includes an overall test summary, the number of error responses from both the BFF and back-end microservices, and a request sequence categorized into different types of issues. Additionally, Microusity offers a graph report that visualizes the relationship between main requests, sub-requests, and their corresponding responses. This graph report helps developers easily trace connections between requests and identify any exception message leakage or HTTP 5xx responses indicating server errors. To evaluate the effectiveness of Microusity, we conducted a user evaluation with eight software practitioners. The evaluation included demonstrations and interviews to assess the ease of understanding and usefulness of the tool. Overall, participants found Microusity's error reports and graph visualization valuable for investigating and understanding problems in BFF systems. For more information about Microusity and access to the prototype tool and video demo, please visit our GitHub repository at https://github.com/MUICT-SERU/MICROUSITY.
- Microservice software architecture is popular for its scalability and efficiency compared to monolithic designs
- Adoption of microservices introduces unique security concerns
- Microusity is a tool designed for testing RESTful APIs in a microservice pattern called back end for front end (BFF)
- Microusity traces BFF requests by mapping port connections between BFF requests and sub-requests sent to back-end microservices
- The tool helps pinpoint specific back-end services causing internal server errors, unhandled errors, or vulnerabilities
- Provides an error report with overall test summary, number of error responses from BFF and back-end microservices, and categorized request sequence
- Offers a graph report that visualizes the relationship between main requests, sub-requests, and their corresponding responses
- Graph report helps trace connections between requests and identify exception message leakage or HTTP 5xx responses indicating server errors
- User evaluation with eight software practitioners found Microusity's error reports and graph visualization valuable for investigating and understanding problems in BFF systems
Microservice software architecture is a way of designing computer programs that makes them work faster and better. It is different from other designs because it can handle more things at once. When we use microservices, we need to be careful about keeping everything safe and secure. Microusity is a special tool that helps us test and check if our microservices are working correctly. It can find problems in the parts of the program that connect to the main part. The tool gives us a report with information about errors and shows us how everything is connected. Some people who work with software tried using Microusity and found it very helpful for fixing problems.
The Rise of Microservices and the Need for Secure Testing Tools
In recent years, the microservice software architecture has gained popularity among developers due to its scalability and efficiency compared to traditional monolithic designs. This approach involves breaking down large applications into smaller, independent services that communicate with each other through APIs. However, while microservices offer many benefits, they also introduce unique security concerns that must be addressed.
To address these issues, a team of researchers from Mahidol University in Thailand has developed a tool called Microusity specifically designed for testing RESTful APIs in a microservice pattern known as back end for front end (BFF). In their research paper titled "Microusity: A Tool for Testing BFF-based Microservices", they propose a novel approach to trace BFF requests by mapping port connections between BFF requests and sub-requests sent to back-end microservices.
The Importance of Secure Testing in Microservice Architecture
As more companies adopt microservices, it becomes increasingly important to ensure the security and stability of these systems. Unlike monolithic architectures where all components are tightly coupled, microservices are loosely coupled and communicate through APIs. This introduces potential vulnerabilities if not properly tested and secured.
Traditional testing tools may not be suitable for microservice architectures as they often focus on individual components rather than the system as a whole. Additionally, since each service is responsible for its own functionality, it can be challenging to identify which specific service is causing errors or vulnerabilities when an issue arises.
Introducing Microusity: A Tool Specifically Designed for BFF-based Microservices
Microusity aims to address these challenges by providing developers with a comprehensive tool specifically designed for testing RESTful APIs in BFF-based microservices. The tool utilizes a unique approach that traces port connections between BFF requests and sub-requests sent to back-end services.
This allows developers to pinpoint which specific back-end service is causing internal server errors, potentially leading to unhandled errors or vulnerabilities. Microusity provides an error report that includes an overall test summary, the number of error responses from both the BFF and back-end microservices, and a request sequence categorized into different types of issues.
Visualizing Connections with Graph Reports
In addition to the error report, Microusity also offers a graph report that visualizes the relationship between main requests, sub-requests, and their corresponding responses. This graph helps developers easily trace connections between requests and identify any exception message leakage or HTTP 5xx responses indicating server errors.
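A simplified sketch of the request tracing and error report described in the two sections above, added here as an illustration and not Microusity's own code. The port numbers, service names, record layout and time-window matching rule are assumptions, the flow records are constructed, and the matching assumes test requests are sent one at a time.

```python
import re
from collections import Counter

BFF_PORT = 8080                                  # assumed BFF listener port
BACKENDS = {9001: "orders", 9002: "inventory"}   # assumed back-end ports
FIELDS = ("start", "end", "src_port", "dst_port", "request", "status", "body")
# Heuristic markers of exception text in a response body (assumed patterns).
LEAK = re.compile(r"Traceback \(most recent call last\)|\w+Exception\b")

# Constructed flow records, one per captured HTTP exchange.
FLOWS = [
    (1.00, 1.40, 51000, 8080, "GET /api/cart/1", 200, '{"items":[]}'),
    (1.05, 1.15, 40001, 9001, "GET /orders/1", 200, "{}"),
    (1.20, 1.35, 40002, 9002, "GET /stock/1", 200, "{}"),
    (2.00, 2.50, 51001, 8080, "GET /api/cart/abc", 500, '{"error":"Internal Server Error"}'),
    (2.10, 2.20, 40003, 9001, "GET /orders/abc", 200, "{}"),
    (2.25, 2.45, 40004, 9002, "GET /stock/abc", 500,
     "java.lang.NumberFormatException\n at com.shop.Stock.get(Stock.java:42)"),
]

def trace(flows):
    """Attach each back-end sub-request to the BFF request whose time window contains it."""
    mains = [dict(zip(FIELDS, f), subs=[]) for f in flows if f[3] == BFF_PORT]
    for f in flows:
        if f[3] not in BACKENDS:
            continue
        sub = dict(zip(FIELDS, f), service=BACKENDS[f[3]])  # destination port names the service
        for m in mains:
            if m["start"] <= sub["start"] and sub["end"] <= m["end"]:
                m["subs"].append(sub)
                break
    return mains

def report(mains):
    """Count 5xx responses per tier and list responses whose body leaks exception text."""
    out = {"bff_5xx": 0, "backend_5xx": Counter(), "leaks": []}
    for m in mains:
        if m["status"] >= 500:
            out["bff_5xx"] += 1
        for s in m["subs"]:
            if s["status"] >= 500:
                out["backend_5xx"][s["service"]] += 1
        for tier, r in [("bff", m)] + [(s["service"], s) for s in m["subs"]]:
            if LEAK.search(r["body"]):
                out["leaks"].append((m["request"], tier))
    return out

if __name__ == "__main__":
    print(report(trace(FLOWS)))
```

In the constructed data the BFF returns a generic 500 to the client, while the trace attributes both the underlying 5xx and the exception text to the inventory service.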
Evaluating the Effectiveness of Microusity
To evaluate the effectiveness of Microusity, the research team conducted a user evaluation with eight software practitioners. The evaluation included demonstrations and interviews to assess the ease of understanding and usefulness of the tool.
Overall, participants found Microusity's error reports and graph visualization valuable for investigating and understanding problems in BFF systems. They also appreciated its ability to pinpoint specific services causing issues rather than having to manually search through logs or use multiple tools.
Accessing Microusity
For those interested in using Microusity for testing their own BFF-based microservices, it is available as a prototype tool on GitHub at https://github.com/MUICT-SERU/MICROUSITY. The repository also includes a video demo showcasing how to use the tool effectively.
In Conclusion
As microservice architectures continue to gain popularity among developers, it becomes increasingly important to have secure testing tools specifically designed for these systems. With its unique approach to tracing BFF requests and comprehensive error reporting capabilities, Microusity offers a valuable solution for identifying potential vulnerabilities in microservice architectures. Its user evaluation results demonstrate its effectiveness in helping developers understand and troubleshoot issues in BFF-based systems.