
Template For Final Project Report 2024-25 (1) - Removed

The document outlines the development of an AI-driven API security testing system aimed at identifying and mitigating cybersecurity vulnerabilities in modern web applications. It highlights the limitations of existing security tools and proposes a solution that utilizes machine learning and intelligent fuzzing to enhance vulnerability detection. The project aims to automate the testing process, improve accuracy, and generate comprehensive reports to strengthen the security posture of web applications.

Uploaded by

kumarnaveen99022
Copyright
© © All Rights Reserved

AI-Driven API Security Testing for Cyber Security Vulnerabilities

Chapter 1
INTRODUCTION

1.1 Background

In today’s digital world, APIs (Application Programming Interfaces) have become the
backbone of modern software systems, enabling seamless communication between
services, platforms, and applications. From mobile banking to e-commerce, APIs power a
vast array of user-facing and backend systems. However, the rapid expansion of APIs has
also opened up new attack surfaces for cybercriminals. Security threats such as Broken
Object Level Authorization (BOLA), authentication bypass, injection attacks, data
leakage, and rate limiting issues have emerged as critical challenges. Traditional security
tools often fail to detect these threats effectively, especially as attackers leverage
increasingly sophisticated and adaptive techniques.

To address these challenges, Artificial Intelligence (AI) offers a transformative approach
to API security. By integrating AI into the testing and monitoring of APIs, it's possible to
automatically discover unknown vulnerabilities, learn usage patterns, and detect
anomalies in real-time. This project focuses on developing an AI-based API Security
Testing System from the ground up, without relying on any existing security applications.
Our aim is to implement intelligent modules capable of fuzzing APIs, identifying
vulnerabilities, and analyzing response patterns to uncover weaknesses. The solution
combines machine learning, rule-based analysis, and automated decision-making to
provide comprehensive, proactive API security—meeting the growing need for robust
and adaptive protection in a hyper-connected environment.

1.2 Problem Statement


APIs are increasingly targeted by attackers due to their role in exposing critical services
and data. Vulnerabilities such as broken authentication, data leaks, injection attacks,
IDOR, and rate limiting issues can lead to unauthorized access and serious security
breaches. Traditional tools often fail to detect these threats effectively, especially in
dynamic environments. This project aims to address the problem by developing an AI-
based security testing system that can automatically detect and analyze such
vulnerabilities in REST APIs, offering a smarter and more proactive approach to API
security.

Department of CSE,EPCET 2024-2025 Page 1

1.3 Existing system


Existing API security testing solutions include tools such as OWASP ZAP, Postman with
security scripts, Burp Suite, and commercial platforms like APIsec and Salt Security. These
tools perform tasks like vulnerability scanning, penetration testing, and manual fuzzing.
Some solutions use predefined rule sets and static signatures to detect common security
issues, while others provide limited automation for security testing in development pipelines.

Limitations

• Lack of Intelligence: Most tools are rule-based and do not adapt to new or evolving
  attack patterns. They often miss zero-day vulnerabilities or complex logic flaws.
• Manual Effort Required: Many tools depend heavily on manual configuration,
  scripting, or interpretation of results, which makes them time-consuming and
  error-prone.
• Limited Context Awareness: Existing tools often lack contextual understanding of
  API logic, user roles, and data flow, which is crucial for detecting vulnerabilities like
  IDOR and broken authentication.
• Inefficient Fuzzing: Fuzzing in traditional tools may not be optimized or intelligent
  enough to explore all possible attack surfaces effectively.
• Scalability Issues: When integrated into CI/CD pipelines or large systems, these tools
  may struggle with performance and scalability.

1.4 Proposed system


The proposed system aims to develop an AI-driven API security testing framework capable
of automatically detecting critical vulnerabilities in REST APIs—without depending on any
existing tools or platforms. This system will proactively simulate real-world attacks and
analyze API behavior to identify security flaws such as broken authentication, data leaks,
injection attacks, Insecure Direct Object References (IDOR), and insufficient rate limiting.

Unlike traditional tools, this solution integrates machine learning and intelligent fuzzing to
dynamically generate attack payloads, evaluate responses, and detect anomalies. The system
will learn from API request/response patterns and user role-based logic to uncover complex
or hidden vulnerabilities that static testing often misses. It will feature a modular design,
allowing easy extension and customization for different API environments.

1.5 Aim of the project

To develop an AI-driven system for automating API security testing and detecting potential
cyber security vulnerabilities to enhance the resilience of web-based applications.

1.6 Objectives of the Project


• Develop an AI-powered testing engine that can simulate real-world attacks on REST APIs.

• Identify key API vulnerabilities including:

  • Broken Authentication
  • Injection Attacks
  • Data Leaks
  • IDOR (Insecure Direct Object References)
  • Insufficient Rate Limiting

• Implement intelligent fuzzing mechanisms to generate dynamic test payloads.

• Analyze API responses using machine learning to detect anomalies and potential security
  flaws.

• Build a modular and scalable system that can be easily adapted for various APIs and
  environments.

• Provide detailed reports and logs of vulnerabilities discovered during testing.


1.7 Summary

This project focuses on the development of an AI-driven system designed to automate API
security testing and identify potential cybersecurity vulnerabilities in modern web-based
applications. As APIs serve as critical interfaces for data exchange, ensuring their security is
essential to prevent breaches and data leaks. The proposed system will utilize artificial
intelligence and machine learning algorithms to detect and classify threats such as injection
attacks, broken authentication, and data exposure, which are often missed by traditional
testing methods. By automating the testing process, the system aims to reduce manual effort,
increase testing accuracy, and provide continuous security assessment. It will support
multiple API protocols, including REST and GraphQL, and generate comprehensive
vulnerability reports to aid developers in timely remediation. The ultimate objective is to
strengthen the resilience and security posture of web applications through an intelligent,
adaptive, and scalable testing framework.


Chapter 2
LITERATURE SURVEY

2.1 “FuzzTheREST: An Intelligent Automated Black-box RESTful API Fuzzer [1]”

Authors: Tiago Dias, Eva Maia, Isabel Praça (2024)
In this paper, the authors proposed FuzzTheREST, an intelligent RESTful API fuzzer that
combines Reinforcement Learning (RL) with fuzz testing to automate the detection of
vulnerabilities in APIs. The system adapts based on feedback during testing, enabling it to
uncover edge-case bugs more efficiently than traditional fuzzers. The approach significantly
enhances vulnerability detection and improves testing efficiency. However, the method has a
limited evaluation scope, with the system achieving only 55% code coverage, indicating that
a substantial portion of the API functionality remains untested.

Limitations

• Achieves only 55% code coverage, leaving many potential vulnerabilities undetected.

• The approach is tested in limited real-world scenarios, which may not reflect the diversity
  of production APIs.

• Lack of integration with broader API testing pipelines (e.g., CI/CD environments).

2.2 “Detecting Misuse of Security APIs: A Systematic Review [2]”


Authors: Zahra Mousavi, Md. Chadni Islam, M. Ali Babar, Akhlaf Abuadbba, Kristen Moore
(2023)
This paper provides a comprehensive systematic review of API misuse detection using
heuristics and machine learning-based techniques. The authors compile and analyze 50
distinct misuse patterns, offering valuable insight into recurring implementation flaws in
security APIs. Their work is crucial in forming a baseline for future API security tools and
enhancing overall security assurance. However, the study highlights that existing methods
still offer limited coverage of some flaws, and it emphasizes the challenge of aligning
detection techniques with real-world API misuse scenarios.


Limitations

• Many existing detection techniques analyzed have limited flaw coverage and struggle
  with identifying complex, context-based misuses.
• Heuristic-based approaches may not adapt well to evolving security patterns or
  unseen misuse types.
• The paper lacks implementation or benchmarking of a unified detection tool across
  reviewed misuse patterns.

2.3 “Data-Driven Vulnerability Detection and Repair in Java Code[3]”


Authors: Ying Zhang, Mahir Kabir, Ya Xiao, Danfeng (2024)
The researchers present an AI-driven system for detecting and automatically patching
security vulnerabilities in Java applications, especially those involving API misuse. By
analyzing large codebases, the model identifies insecure patterns and suggests or applies
fixes, effectively reducing manual effort in vulnerability management. This combined
detection and repair approach represents a step forward in automated software security.
Nonetheless, its success heavily depends on the quality and representativeness of the training
data, and there's a notable concern regarding false positives, which may lead to incorrect
fixes or developer hesitation.

Limitations

• The system’s accuracy is highly dependent on the quality of the training data, which
  may not generalize well across all codebases.
• Risk of false positives and incorrect automated patches, which may reduce developer
  trust.
• Focused primarily on Java and API misuse—limited applicability to REST API
  security testing or other languages.


2.4 Summary
This chapter reviewed key research papers related to AI-driven API security testing,
intelligent fuzzing, and vulnerability detection. Each study contributes uniquely to the
evolving landscape of automated cybersecurity tools.

The first paper introduced FuzzTheREST, showcasing how reinforcement learning can
improve API fuzzing, though it remains limited in code coverage and real-world validation.
The second paper provided a systematic review of API misuse detection techniques,
highlighting the diversity of detection methods while noting gaps in flaw coverage and real-
world applicability. The third study proposed an AI-based vulnerability detection and repair
system for Java code, demonstrating automation benefits but raising concerns about false
positives and dataset dependency.

Together, these works highlight the need for smarter, more adaptable, and scalable solutions
in API security testing—supporting the motivation and direction of our proposed AI-based
system.


Chapter 3
REQUIREMENT SPECIFICATION

Requirement specification outlines all the hardware, software, and functional needs required
to successfully develop and deploy the system. It serves as the foundation for system design,
implementation, and validation, ensuring the project meets both user and technical
expectations.

3.1 Hardware Requirements


• Processor: Intel Core i5 or above

• RAM: Minimum 8 GB

• Storage: Minimum 500 GB HDD or 256 GB SSD

• Internet connection: Required for dataset download or remote testing (if applicable)

3.2 Software Requirements


• Operating System: Windows 10 / Linux Ubuntu 20.04 or above
• Programming Language: Python 3.x
• Libraries/Frameworks: Scikit-learn / TensorFlow / PyTorch (for AI/ML), Requests,
  Flask/FastAPI (for API testing and interaction), Pandas, NumPy (for data processing)
• Database (if needed): SQLite / MongoDB
• Browser: Google Chrome or Firefox (for testing APIs with tools like Swagger)

3.3 Development Environment


• IDE Used: Visual Studio Code / PyCharm

• Frameworks: Flask or FastAPI for building and testing APIs

• Testing Tools: Custom Python scripts using requests and unittest or pytest

• Version Control: Git & GitHub


3.4 Functional Requirements

• The system must allow users to input REST API endpoints for testing.

• It should perform automated vulnerability scans for: Broken Authentication, Injection
  Attacks, Data Leaks, IDOR, Rate Limiting flaws

• The system should analyze API responses to detect anomalies using AI.

• It must generate a vulnerability report summarizing the findings.

3.5 Non-functional Requirements

• Scalability: Capable of testing large API sets or enterprise-scale systems.

• Security: The system itself must be secure from misuse and must not leak data.

• Performance: Should produce results within a reasonable time for each API scan.

• Usability: Simple command-line or GUI interface for ease of use.

• Maintainability: Modular code structure for easy updates and enhancements.

• Reliability: Must produce consistent results for similar inputs and conditions.


3.6 Summary

The requirement specification provides a comprehensive overview of the essential
components needed to develop and deploy the AI-based API Security Testing system. It
outlines the hardware and software prerequisites to support AI model training, API
interaction, and system performance. The development environment is set up with efficient
tools, frameworks, and testing utilities to ensure a smooth and scalable implementation
process.

Functionally, the system is designed to automatically detect and report critical
vulnerabilities—such as broken authentication, injection attacks, data leaks, IDOR, and rate
limiting flaws—using AI techniques. Non-functional requirements ensure the system is
secure, scalable, user-friendly, and reliable. Together, these specifications form the
foundation for building a robust, intelligent, and efficient API security testing solution
tailored to modern cybersecurity needs.


Chapter 4
SYSTEM DESIGN
4.1 System Architecture
This chapter defines the architecture and core components of the AI-based API Security
Testing system. It translates requirements into a structured design that guides
implementation, detailing how the system analyzes APIs, detects vulnerabilities, and reports
results. The design ensures scalability, maintainability, and alignment with system goals
while identifying potential challenges early.

Figure 4.1: System architecture


Figure 4.1 illustrates the workflow of an AI-based API security testing system. The process
starts with a User or API request, which undergoes traffic analysis to extract behavior
patterns. This analyzed traffic is then fed into an AI-based anomaly detection engine. If
suspicious activity is identified, the system activates the security testing module. This module
performs a deeper inspection through three parallel paths: penetration testing using tools like
OWASP ZAP or Burp Suite, fuzzing attack simulations using tools like Boofuzz, and API
vulnerability scanning using Postman or similar security scanners. These paths help detect
issues such as exploit vulnerabilities, unexpected input handling, or weak API configurations.
All results are aggregated in a threat intelligence database. The system then checks if any
vulnerability is found. If not, the API request is allowed. If a vulnerability is detected, an
automated patch generation process is triggered, and the fix is applied. This leads to a secure
API deployment. Continuous monitoring ensures the system keeps learning and adapting to
new threats, closing the loop in a self-improving security architecture.

4.2 Data Flow Diagrams

Figure 4.2

Figure 4.2 illustrates the Data Flow Diagram (DFD) for the project “AI-Driven API Security
Testing for Cybersecurity Vulnerabilities”, detailing the system’s flow across three levels.
The Level 0 DFD shows the overall interaction between users (testers/developers),
web/mobile applications, and the API Security Testing System, which accepts API endpoints,
test cases, and API requests/responses to generate a vulnerability report. The Level 1 DFD
breaks the process into three main modules: collecting API details (stored in the API Details
DB), injecting security payloads (from the Test Payload DB), and performing AI-based
response analysis, which logs data into the Vulnerability Logs. The Level 2 DFD further
decomposes the AI-based analysis into logging API responses, extracting features, and using
AI model rules to flag vulnerabilities, which are then stored in the Detected Issues DB. This
layered structure demonstrates how the system uses AI to automate vulnerability detection in
API responses efficiently.
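
The Level 2 flow described above (log responses, extract features, apply rules, store detected issues), as an added sketch that is not the project's own code. The log records are constructed, the field names, rules and threshold are assumptions, and a median/MAD outlier score stands in for the trained model, which the report does not specify.

```python
import json
import re
import statistics

# Constructed response-log records for one endpoint (not captured traffic).
# "expect" is the status the test case should produce on a correctly secured API.
RESPONSE_LOG = [
    {"id": 1, "test_case": "baseline", "expect": 200, "status": 200, "body": '{"id": 7, "name": "alice"}'},
    {"id": 2, "test_case": "baseline", "expect": 200, "status": 200, "body": '{"id": 8, "name": "bob"}'},
    {"id": 3, "test_case": "baseline", "expect": 200, "status": 200, "body": '{"id": 9, "name": "carol"}'},
    {"id": 4, "test_case": "baseline", "expect": 404, "status": 404, "body": '{"error": "not found"}'},
    {"id": 5, "test_case": "malformed-input", "expect": 400, "status": 500,
     "body": 'Traceback (most recent call last):\n  File "app.py", line 88\n'
             'sqlite3.OperationalError: near "x": syntax error'},
    {"id": 6, "test_case": "other-user-object", "expect": 403, "status": 200,
     "body": '{"id": 10, "name": "dave", "password_hash": "x", "email": "dave@example.test"}'},
    {"id": 7, "test_case": "baseline", "expect": 200, "status": 200, "body": '{"id": 11, "name": "erin"}'},
]

# Rule-based part: patterns that should never appear in a production response body.
LEAK_RULES = {
    "stack_trace": re.compile(r"Traceback \(most recent call last\)"),
    "db_error": re.compile(r"OperationalError|SQLSTATE|syntax error", re.I),
    "secret_field": re.compile(r'"(password|password_hash|api_key|token|secret)"\s*:', re.I),
}


def extract_features(rec):
    """Turn one logged response into the feature record the rules and scorer use."""
    body = rec["body"]
    try:
        parsed = json.loads(body)
        is_json, keys = True, (len(parsed) if isinstance(parsed, dict) else 0)
    except ValueError:
        is_json, keys = False, 0
    return {
        "status_class": rec["status"] // 100,
        "status_ok": rec["status"] == rec["expect"],
        "body_len": len(body),
        "is_json": is_json,
        "json_keys": keys,
        "rule_hits": [name for name, rx in LEAK_RULES.items() if rx.search(body)],
    }


def robust_z(value, population):
    """Modified z-score (median/MAD); stays stable when the outliers are in the sample."""
    med = statistics.median(population)
    mad = statistics.median(abs(v - med) for v in population)
    return 0.0 if mad == 0 else 0.6745 * (value - med) / mad


def analyze(log, z_threshold=3.5):
    """Return the records to store as detected issues, each with the reasons it was flagged."""
    feats = {r["id"]: extract_features(r) for r in log}
    lengths = [f["body_len"] for f in feats.values()]
    # Widest JSON object seen in normal traffic; more keys than this suggests over-exposure.
    baseline_keys = max(feats[r["id"]]["json_keys"] for r in log if r["test_case"] == "baseline")
    issues = []
    for rec in log:
        f = feats[rec["id"]]
        reasons = list(f["rule_hits"])
        if not f["status_ok"]:
            reasons.append("status_mismatch")   # e.g. 200 where 403 was required (IDOR signal)
        if f["status_class"] == 5:
            reasons.append("server_error")
        if f["is_json"] and f["json_keys"] > baseline_keys:
            reasons.append("extra_fields")
        if abs(robust_z(f["body_len"], lengths)) > z_threshold:
            reasons.append("body_len_outlier")
        if reasons:
            issues.append({"response_id": rec["id"], "test_case": rec["test_case"],
                           "reasons": sorted(reasons)})
    return issues


if __name__ == "__main__":
    for issue in analyze(RESPONSE_LOG):
        print(issue)
```

The expected-status comparison is what supplies the context the report says rule-based scanners lack: a 200 response is only a finding because the test case declared that a 403 was required.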

4.3 UML Diagrams


UML (Unified Modeling Language) is a standardized visual language used to design and
represent the structure and behavior of software systems. It helps developers and stakeholders
understand, plan, and document system architecture clearly through diagrams. UML includes
different types of diagrams such as Use Case, Class, Sequence, Activity, and Component
diagrams, which show how a system works, how its parts are connected, and how data flows
within it. UML is widely used in software engineering to simplify complex system designs
and improve communication among team members.

4.3.1 Use Case Diagram

Figure 4.3.1
Figure 4.3.1 illustrates the Use Case Diagram for the AI-based API Security Testing system,
showing the interaction between the primary user (Tester) and the system functionalities. The tester
begins by selecting the API endpoint to be tested, followed optionally by configuring authentication
credentials such as tokens or API keys—this is represented by the "Configure Authentication" use
case, which is connected to the main test execution through an «extend» relationship, indicating it's an
optional step. The core functionality is encapsulated in the "Run Security Tests" use case, which
includes the "Perform Vulnerability Scanning" action as a mandatory sub-process, denoted by the
«include» relationship. Once the scanning is complete, the system automatically proceeds to
"Generate Report", providing a summary of detected vulnerabilities. This use case diagram
emphasizes a structured and modular approach to API security testing, ensuring that while
authentication setup is flexible, critical operations like vulnerability detection and reporting are
consistently executed.
4.3.2 Class Diagram

Figure 4.3.2

Figure 4.3.2 illustrates the Class Diagram for the AI-Based API Security Testing System,
which outlines the core classes and their interactions within the system. The main class,
Security Testing System API, includes three primary methods: collectAPIDetails(),
InjectSecurityPayloads(), and generateSecurityReport(), representing the key steps
in the testing process. This central class is connected to three supporting classes: API Details,
which handles the collection and management of API input data; Payload Injector, which
includes the method sendPayload() for injecting test and malicious payloads to uncover
security flaws; and Report Generator, which contains createReport() to compile and
summarize the results. The diagram promotes a modular and organized design, ensuring clear
separation of responsibilities and easy maintenance of the system.


4.3.3 Sequence Diagram

Figure 4.3.3

Figure 4.3.3 shows the Sequence Diagram for the API Security Testing System, illustrating
the step-by-step interaction between the user, the system, and the payload injector
component. The process begins when the user initiates the collectAPIDetails() method to
submit the target API information to the system. After receiving the details, the API Security
Testing System proceeds to call InjectSecurityPayloads() on the Payload Injector module,
which is responsible for sending crafted or malicious payloads to the API endpoint to identify
potential vulnerabilities. Once the injection process is complete, the system finalizes the
process by executing generateSecurityReport(), returning the results to the user. This diagram
clearly outlines the logical flow of control and the order in which key operations are executed
during the testing process.


4.3.4 Activity Diagram

Figure 4.3.4

Figure 4.3.4 represents the Activity Diagram of the API Security Testing System, outlining
the sequence of operations involved in the testing workflow. The process begins with the
activity to collect API details, where the system gathers endpoint information, headers,
parameters, and authentication data. Once this is done, the system evaluates whether to
proceed with injecting security payloads. A decision point checks the condition—if the
answer is yes, the flow continues directly to the injection process. If the condition is no, the
flow still leads to the injection phase, indicating that injection is a required step regardless of
the conditional path taken. This diagram visually captures the core logic and flow of actions
in the API testing cycle, helping to clarify decision-making points and process continuity
within the system.


4.3.5 State Machine Diagram

Figure 4.3.5

Figure 4.3.5 illustrates the activity flow of the API Security Testing System, beginning from
an idle state where the system awaits input. Once an API is received, it proceeds to the
analyzing phase where the system evaluates the API’s behavior. If an anomaly is detected,
the process moves to a suspicious state and initiates testing to verify the presence of any
security issues. If a vulnerability is confirmed, the system applies patching and then moves to
the deployed state, ultimately marking the API as safe. In contrast, if no anomaly is found
during analysis, the system marks the API as clean. This flow diagram outlines a clear path
from receiving the API to determining its security status, demonstrating how the system
makes decisions and handles both normal and abnormal cases effectively.


4.3.6 Component Diagram

Figure 4.3.6

Figure 4.3.6 represents the architectural flow of the API Security Testing System, detailing
the interaction between client-side components, core system modules, tools, and deployment
platforms. The process begins at the client side with the API client, which communicates with
the core system through the API service. The API traffic is then analyzed by the traffic
analyzer, which passes the data to the anomaly detector to identify irregular patterns. Once
anomalies are flagged, the security module engages appropriate tools such as Postman, Burp,
or Boofuzz for further analysis and testing. The output is then processed by the report
generator to create structured vulnerability reports. These findings are handled by the patch
manager, which prepares the necessary fixes. Finally, the tested and secured APIs are
deployed on platforms such as AWS, GCP, or Azure. This diagram captures a complete
pipeline from input to deployment, integrating automation tools and ensuring secure API
delivery.

4.3.7 ER diagram

Figure 4.3.7

Figure 4.3.7 shows the ER diagram for the project, explaining how different data entities are
related. It includes key entities like api_endpoint, test_case, payload, response_log,
vulnerability, and report. Each API can have multiple test cases, which use different
payloads. The responses from the API are logged, analyzed, and any vulnerabilities found are
recorded. All this information is finally compiled into a report. This diagram helps in
understanding how the system stores and connects data for AI-based API security testing.
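
One way to realise the six entities above in SQLite (which the requirements list as a database option), added here as an example and not taken from the project. Every column, the sample rows and the helper names open_db, seed, fk_enforced and build_report are assumptions; the report names only the entities and their relationships.

```python
import sqlite3

# Assumed columns; relationships follow the ER description:
# endpoint -> test cases -> payloads, responses logged per test case,
# vulnerabilities tied to a logged response, reports compiled per endpoint.
SCHEMA = """
CREATE TABLE api_endpoint (
    id INTEGER PRIMARY KEY, method TEXT NOT NULL, url TEXT NOT NULL,
    UNIQUE (method, url));
CREATE TABLE payload (
    id INTEGER PRIMARY KEY, category TEXT NOT NULL, label TEXT NOT NULL);
CREATE TABLE test_case (
    id INTEGER PRIMARY KEY,
    endpoint_id INTEGER NOT NULL REFERENCES api_endpoint(id) ON DELETE CASCADE,
    payload_id INTEGER NOT NULL REFERENCES payload(id),
    expected_status INTEGER NOT NULL);
CREATE TABLE response_log (
    id INTEGER PRIMARY KEY,
    test_case_id INTEGER NOT NULL REFERENCES test_case(id) ON DELETE CASCADE,
    status INTEGER NOT NULL, body_len INTEGER NOT NULL,
    logged_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP);
CREATE TABLE vulnerability (
    id INTEGER PRIMARY KEY,
    response_id INTEGER NOT NULL REFERENCES response_log(id) ON DELETE CASCADE,
    kind TEXT NOT NULL,
    severity TEXT NOT NULL CHECK (severity IN ('low', 'medium', 'high')));
CREATE TABLE report (
    id INTEGER PRIMARY KEY,
    endpoint_id INTEGER NOT NULL REFERENCES api_endpoint(id) ON DELETE CASCADE,
    created_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    summary TEXT NOT NULL);
"""


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    # SQLite ignores REFERENCES clauses unless this is set on every connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def seed(conn):
    """Insert constructed sample rows (hypothetical endpoints on example.test)."""
    conn.executemany("INSERT INTO api_endpoint VALUES (?, ?, ?)", [
        (1, "GET", "https://api.example.test/users/{id}"),
        (2, "POST", "https://api.example.test/login")])
    conn.executemany("INSERT INTO payload VALUES (?, ?, ?)", [
        (1, "authz", "object id owned by another account"),
        (2, "input-validation", "malformed query value"),
        (3, "rate-limit", "burst of repeated requests")])
    conn.executemany("INSERT INTO test_case VALUES (?, ?, ?, ?)", [
        (1, 1, 1, 403), (2, 1, 2, 400), (3, 2, 3, 429)])
    conn.executemany(
        "INSERT INTO response_log (id, test_case_id, status, body_len) VALUES (?, ?, ?, ?)",
        [(1, 1, 200, 78), (2, 2, 500, 108), (3, 3, 429, 30)])
    conn.executemany("INSERT INTO vulnerability VALUES (?, ?, ?, ?)", [
        (1, 2, "verbose error", "medium"), (2, 1, "IDOR", "high")])
    conn.commit()


def fk_enforced(conn):
    """True if a vulnerability pointing at a missing response is rejected."""
    try:
        conn.execute("INSERT INTO vulnerability (response_id, kind, severity) "
                     "VALUES (9999, 'probe', 'low')")
    except sqlite3.IntegrityError:
        return True
    finally:
        conn.rollback()
    return False


def build_report(conn, endpoint_id):
    """Compile findings for one endpoint, store the summary, return the rows."""
    rows = conn.execute(
        """SELECT v.kind, v.severity, p.category, r.status
           FROM vulnerability v
           JOIN response_log r ON r.id = v.response_id
           JOIN test_case t ON t.id = r.test_case_id
           JOIN payload p ON p.id = t.payload_id
           WHERE t.endpoint_id = ?
           ORDER BY CASE v.severity WHEN 'high' THEN 0 WHEN 'medium' THEN 1 ELSE 2 END,
                    v.id""", (endpoint_id,)).fetchall()
    lines = [f"{sev}: {kind} (payload category {cat}, HTTP {status})"
             for kind, sev, cat, status in rows]
    conn.execute("INSERT INTO report (endpoint_id, summary) VALUES (?, ?)",
                 (endpoint_id, "; ".join(lines) or "no findings"))
    conn.commit()
    return rows


if __name__ == "__main__":
    db = open_db()
    seed(db)
    print(fk_enforced(db), build_report(db, 1))
```

Because the foreign keys cascade from api_endpoint, deleting an endpoint also removes its test cases, logged responses, findings and reports, which keeps stale findings from outliving the API they describe.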


4.4 Summary
This project proposes an AI-based API security testing system designed to detect
cybersecurity vulnerabilities without relying on an existing application. The system analyzes
API documentation or traffic data, using AI to identify security issues. UML diagrams are
used to plan and visualize the system’s structure, processes, and interactions.

The use case diagram defines the main interactions between users, the AI engine, and other
components, while the class diagram outlines key classes like APIEndpoint, TestCase,
AIModel, and VulnerabilityReport. Sequence and activity diagrams capture the workflow of
uploading API specs, generating AI-driven test cases, executing tests, and reporting results.
The component diagram organizes system modules such as the parser, AI generator, and
report manager, offering a clear view of how the system functions as a whole.


Chapter 5
CONCLUSION
In conclusion, this project presents a comprehensive AI-based approach to API security
testing, capable of detecting potential cybersecurity vulnerabilities without requiring an
existing application. By leveraging AI techniques to analyze API specifications and traffic,
the system can automatically generate test cases, evaluate responses, and identify
vulnerabilities efficiently. The integration of various system components, guided by detailed
UML diagrams, ensures a structured, scalable, and effective testing framework.

This solution addresses the growing need for proactive and intelligent security measures in
API-driven environments, where manual testing and traditional tools may fall short. The
project not only enhances the speed and accuracy of vulnerability detection but also
provides a flexible platform that can adapt to evolving API technologies and security
threats. With further development and optimization, this AI-based system has the potential
to become a valuable asset in modern cybersecurity operations.


REFERENCES

[1] T. Dias, E. Maia, and I. Praça, “FuzzTheREST: An Intelligent Automated Black-box
RESTful API Fuzzer,” arXiv preprint arXiv:2407.14361, 2024.

[2] Z. Mousavi, C. Islam, M. A. Babar, A. Abuadbba, and K. Moore, “Detecting Misuse of
Security APIs: A Systematic Review,” arXiv preprint arXiv:2306.08869, 2023.

[3] Y. Zhang, M. Kabir, Y. Xiao, and D. Yao, “Data-Driven Vulnerability Detection and
Repair in Java Code,” arXiv preprint arXiv:2102.06994, 2021.

[4] T. Bui, Y. N. Tun, Y. Cheng, I. C. Irsan, T. Zhang, and H. J. Kang, “JavaVFC: Java
Vulnerability Fixing Commits from Open-source Software,” arXiv preprint
arXiv:2409.05576, 2024.

[5] S. Yadav, T. Choppa, and D. Schlechtweg, “FuzzTheREST: An Intelligent Automated
Black-box RESTful API Fuzzer,” ResearchGate, 2024.

[6] Z. Mousavi, C. Islam, M. A. Babar, A. Abuadbba, and K. Moore, “Detecting Misuses of
Security APIs: A Systematic Review,” ACM Computing Surveys, vol. 56, no. 4, pp. 1–35,
2023.

[7] Y. Zhang, M. Kabir, Y. Xiao, and D. Yao, “Example-Based Vulnerability Detection and
Repair in Java Code,” Proceedings of the 44th International Conference on Software
Engineering, pp. 1–12, 2022.

[8] T. Dias, E. Maia, and I. Praça, “FuzzTheREST: An Intelligent Automated Black-box
RESTful API Fuzzer,” ResearchGate, 2024.

[9] Z. Mousavi, C. Islam, M. A. Babar, A. Abuadbba, and K. Moore, “Detecting Misuse of
Security APIs: A Systematic Review,” ResearchGate, 2023.

[10] Y. Zhang, M. Kabir, Y. Xiao, and D. Yao, “Data-Driven Vulnerability Detection and
Repair in Java Code,” ResearchGate, 2021.

[11] Z. Mousavi, C. Islam, M. A. Babar, A. Abuadbba, and K. Moore, “Detecting Misuse of
Security APIs: A Systematic Review,” Academia.edu, 2023.

[12] T. Dias, E. Maia, and I. Praça, “FuzzTheREST: An Intelligent Automated Black-box
RESTful API Fuzzer,” The Moonlight, 2024.

[13] T. Dias, E. Maia, and I. Praça, “FuzzTheREST: An Intelligent Automated Black-box
RESTful API Fuzzer,” 2024.

[14] Z. Mousavi, A. C. Islam, M. A. Babar, A. Abubakar, and K. Moore, “Detecting Misuse
of Security APIs: A Systematic Review,” 2023.

[15] Y. Zhang, M. Kabir, Y. Xiao, and D. Danfeng, “Data-Driven Vulnerability Detection
and Repair in Java Code,” 2024.
