{"id":"https://openalex.org/W7128507398","doi":"https://doi.org/10.48550/arxiv.2602.08242","title":"Software Testing at the Network Layer: Automated HTTP API Quality Assessment and Security Analysis of Production Web Applications","display_name":"Software Testing at the Network Layer: Automated HTTP API Quality Assessment and Security Analysis of Production Web Applications","publication_year":2026,"publication_date":"2026-02-09","ids":{"openalex":"https://openalex.org/W7128507398","doi":"https://doi.org/10.48550/arxiv.2602.08242"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.08242","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102904269","display_name":"Ali Hassaan Mughal","orcid":"https://orcid.org/0000-0002-0724-9197"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mughal, Ali Hassaan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125591357","display_name":"Muhammad Bilal","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Bilal, Muhammad","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5121685936","display_name":"Noor Fatima","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Fatima, Noor","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5422000288963318,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.5422000288963318,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.24160000681877136,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.024700000882148743,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.569100022315979},{"id":"https://openalex.org/keywords/software-versioning","display_name":"Software versioning","score":0.4429999887943268},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.43650001287460327},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.38519999384880066},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.34689998626708984},{"id":"https://openalex.org/keywords/software-quality","display_name":"Software quality","score":0.33550000190734863},{"id":"https://openalex.org/keywords/quality","display_name":"Quality (philosophy)","score":0.3343999981880188}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8382999897003174},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.569100022315979},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.4668000042438507},{"id":"https://openalex.org/C198140048","wikidata":"https://www.wikidata.org/wiki/Q10859422","display_name":"Software versioning","level":3,"score":0.4429999887943268},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.43650001287460327},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.43630000948905945},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.38519999384880066},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.34689998626708984},{"id":"https://openalex.org/C117447612","wikidata":"https://www.wikidata.org/wiki/Q1412670","display_name":"Software quality","level":4,"score":0.33550000190734863},{"id":"https://openalex.org/C2779530757","wikidata":"https://www.wikidata.org/wiki/Q1207505","display_name":"Quality (philosophy)","level":2,"score":0.3343999981880188},{"id":"https://openalex.org/C11392498","wikidata":"https://www.wikidata.org/wiki/Q11288","display_name":"Web server","level":3,"score":0.3222000002861023},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3176000118255615},{"id":"https://openalex.org/C1009929","wikidata":"https://www.wikidata.org/wiki/Q179550","display_name":"Software bug","level":3,"score":0.3133000135421753},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.28870001435279846},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2847000062465668},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.27880001068115234},{"id":"https://openalex.org/C104352257","wikidata":"https://www.wikidata.org/wiki/Q1238961","display_name":"Web log analysis software","level":5,"score":0.25949999690055847},{"id":"https://openalex.org/C92446256","wikidata":"https://www.wikidata.org/wiki/Q3306762","display_name":"Data validation","level":2,"score":0.25459998846054077},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.2524000108242035}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.08242","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.08242","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.08242","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.08242","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Modern":[0],"web":[1,252],"applications":[2],"rely":[3],"heavily":[4],"on":[5,191],"client-side":[6],"API":[7,169,246],"calls":[8,170],"to":[9,132,265],"fetch":[10],"data,":[11],"render":[12],"content,":[13],"and":[14,33,67,86,105,171,231,253,261],"communicate":[15],"with":[16],"backend":[17],"services.":[18],"However,":[19],"the":[20,63,88,176,209,250],"quality":[21,48,136,147,248],"of":[22,46,92,155,184,193],"these":[23,47],"network":[24],"interactions":[25],"(redundant":[26],"requests,":[27],"missing":[28,53,172],"cache":[29,54,57,173],"headers,":[30],"oversized":[31],"payloads,":[32],"excessive":[34,59],"third-party":[35,60,187],"dependencies)":[36],"is":[37,205],"rarely":[38],"tested":[39],"in":[40],"a":[41,134,145,255],"systematic":[42],"way.":[43],"Moreover,":[44],"many":[45],"deficiencies":[49],"carry":[50],"security":[51],"implications:":[52],"headers":[55,174],"enable":[56],"poisoning,":[58],"dependencies":[61],"expand":[62],"supply-chain":[64],"attack":[65],"surface,":[66],"error":[68],"responses":[69],"risk":[70],"leaking":[71],"server":[72],"internals.":[73],"In":[74],"this":[75],"study,":[76],"we":[77,113],"present":[78],"an":[79,235,241],"automated":[80,108],"software":[81],"testing":[82,257],"framework":[83,258],"that":[84,259],"captures":[85],"analyzes":[87],"complete":[89],"HTTP":[90,245],"traffic":[91],"18":[93],"production":[94],"websites":[95],"spanning":[96],"11":[97],"categories":[98],"(e-commerce,":[99],"news,":[100],"government,":[101],"developer":[102],"tools,":[103],"travel,":[104],"more).":[106],"Using":[107],"browser":[109],"instrumentation":[110],"via":[111],"Playwright,":[112],"record":[114],"108":[115],"HAR":[116],"(HTTP":[117],"Archive)":[118],"files":[119],"across":[120,249],"3":[121],"independent":[122],"runs":[123],"per":[124,201],"page,":[125],"then":[126],"apply":[127,264],"8":[128],"heuristic-based":[129],"anti-pattern":[130],"detectors":[131],"produce":[133],"composite":[135],"score":[137,161],"(0-100)":[138],"for":[139,244],"each":[140,181],"site.":[141,212],"Our":[142],"results":[143],"reveal":[144],"wide":[146],"spectrum:":[148],"minimalist":[149],"server-rendered":[150],"sites":[151,160],"achieve":[152],"perfect":[153],"scores":[154],"100,":[156],"while":[157,186],"content-heavy":[158],"commercial":[159],"as":[162,164,175,234],"low":[163],"56.8.":[165],"We":[166,224],"identify":[167],"redundant":[168],"two":[177],"most":[178,210],"pervasive":[179],"anti-patterns,":[180],"affecting":[182],"67%":[183],"sites,":[185],"overhead":[188],"exceeds":[189],"20%":[190],"72%":[192],"sites.":[194],"One":[195],"utility":[196],"site":[197,215],"makes":[198],"2,684":[199],"requests":[200],"page":[202],"load,":[203],"which":[204],"447x":[206],"more":[207],"than":[208],"minimal":[211],"To":[213],"protect":[214],"reputations,":[216],"all":[217,226],"identities":[218],"are":[219],"anonymized":[220,229],"using":[221],"category-based":[222],"pseudonyms.":[223],"provide":[225],"analysis":[227],"scripts,":[228],"results,":[230],"reproducibility":[232],"instructions":[233],"open":[236],"artifact.":[237],"This":[238],"work":[239],"establishes":[240],"empirical":[242],"baseline":[243],"call":[247],"modern":[251],"offers":[254],"reproducible":[256],"researchers":[260],"practitioners":[262],"can":[263],"their":[266],"own":[267],"applications.":[268]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-02-11T00:00:00"}