Microusity: A testing tool for Backends for Frontends (BFF) Microservice Systems

Résumé : The microservice software architecture is more scalable and efficient than its monolithic predecessor. Despite its increasing adoption, microservices might expose security concerns and issues that are distinct from those associated with monolithic designs. We propose Microusity, a tool that performs RESTful API testing on a specific type of microservice pattern called back end for front end (BFF). We design a novel approach to trace BFF requests using the port mapping between requests to BFF and the sub-requests sent to back-end microservices. Furthermore, our tool can pinpoint which of the back end service causing the internal server error, which may lead to unhandled errors or vulnerabilities. Microusity provides an error report and a graph visualization that reveal the source of the error and supports developers in comprehension and debugging of the errors. The evaluation of eight software practitioners shows that Microusity and its security test reports are useful for investigating and understanding problems in BFF systems. The prototype tool and the video demo of the tool can be found at https://github.com/MUICT-SERU/MICROUSITY.