
I'm a big fan of JSON schemas, but it's hard to know what one is missing, so for years I've looked for a JSON schema based fuzzer for HTTP backends. Now I've started building one. Even if the input data passes schema validation, does the backend crash because a case can't be caught in schema?

The basic idea is you upload the jsonschema to a website and get a binary in return. This binary generates data based on that schema and sends it to endpoints as / how / when you want. Set up a VM with your backend and let it run for a week, look at the report to find any crashes, repeat. Maybe with some nice webhooks etc.

The reason to do this by sending a binary the user runs themselves instead of over the network is that fuzzing will generate a _lot_ of requests; with a binary you can have it running on localhost and cut down on time.

Value prop: Find crashes in backend code and help you improve your input validation schemas.

Later I've realized that it can just as easily be used to generate test data, lots of test data too, but that probably requires different marketing etc.

Hoping to have a PoC up before end of year or so if anyone is interested.
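As an added illustration of the schema-driven generation described in the comment above (not the commenter's code or tool): a sketch that walks a small JSON Schema subset and emits boundary-value documents that all still pass validation, which is the class of input a schema cannot rule out. The sample `SCHEMA`, the helper names `candidates` and `valid`, the `ABSENT` marker and the generator's default limits are assumptions made for this example.

```python
import itertools

# Constructed sample schema (an assumption, not from the original post).
SCHEMA = {
    "type": "object",
    "required": ["name", "age"],
    "properties": {
        "name": {"type": "string", "minLength": 1, "maxLength": 8},
        "age": {"type": "integer", "minimum": 0, "maximum": 150},
        "tags": {"type": "array", "maxItems": 2,
                 "items": {"type": "string", "maxLength": 4}},
    },
}
ABSENT = object()  # marks an optional property that is left out

def candidates(s):
    """Yield schema-valid boundary values for a small JSON Schema subset."""
    t = s["type"]
    if t == "string":
        for n in sorted({s.get("minLength", 0), s.get("maxLength", 64)}):
            # Length is counted in code points, so NUL and non-BMP text stay valid.
            yield from dict.fromkeys(c * n for c in ("a", "\x00", "\U0001d4b3"))
    elif t == "integer":
        yield from sorted({s.get("minimum", -2**63), s.get("maximum", 2**63 - 1)})
    elif t == "array":
        lo, hi = s.get("minItems", 0), s.get("maxItems", 3)
        if lo == 0:
            yield []
        for item in candidates(s["items"]):
            yield from ([item] * n for n in sorted({lo, hi} - {0}))
    elif t == "object":
        req, props = set(s.get("required", [])), s["properties"]
        pools = [list(candidates(p)) + ([] if k in req else [ABSENT])
                 for k, p in props.items()]
        for combo in itertools.product(*pools):
            yield {k: v for k, v in zip(props, combo) if v is not ABSENT}

def valid(s, v):
    """Check a value against the same subset, as a schema validator would."""
    t = s["type"]
    if t == "string":
        return isinstance(v, str) and s.get("minLength", 0) <= len(v) <= s.get("maxLength", len(v))
    if t == "integer":
        return isinstance(v, int) and s.get("minimum", v) <= v <= s.get("maximum", v)
    if t == "array":
        return (isinstance(v, list) and s.get("minItems", 0) <= len(v) <= s.get("maxItems", len(v))
                and all(valid(s["items"], i) for i in v))
    return (isinstance(v, dict) and set(s.get("required", [])) <= set(v)
            and all(k in s["properties"] and valid(s["properties"][k], x) for k, x in v.items()))
```

Iterating `candidates(SCHEMA)` gives 72 documents, each accepted by `valid`; one of them carries an 8-character `name` that is 32 bytes in UTF-8, the kind of mismatch between schema limits and backend buffers or column sizes that such a run against a local test instance is meant to surface.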


