CPC G06F 21/577 (2013.01) [G06F 9/547 (2013.01); G06F 11/0766 (2013.01); G06F 11/3636 (2013.01); G06F 11/3664 (2013.01); G06F 11/3688 (2013.01); G06F 21/6227 (2013.01)]
23 Claims
1. A computer-implemented method comprising:
prior to deployment of a microservice within a production environment, generating a test suite for the microservice based at least in part on a specification of an application programming interface (API) of the microservice defining a plurality of operations supported by the API and information regarding parameters of each of the plurality of operations, wherein the test suite comprises at least input validation test cases for testing the API of the microservice, and service interaction test cases that facilitate a mocked peer microservice to respond to requests made by the microservice;
subjecting the microservice to the test suite including running the input validation test cases and the service interaction test cases, wherein the service interaction test cases test for leakage of sensitive information under both positive and negative response scenarios; and
based on running the input validation test cases and the service interaction test cases, detecting a potential security leak by the microservice by analyzing a dataset to which the microservice outputs information, wherein analyzing the dataset includes applying a plurality of security rules to the dataset.
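A minimal sketch of the flow in claim 1, added here as an illustration and not taken from the patent or any implementation of it. The spec, the `microservice` under test (deliberately leaky on its error path), the mocked peer and the two rules are all constructed assumptions, and for brevity each spec-derived request is run against both peer scenarios with the captured log lines serving as the output dataset.

```python
import json
import re

# Constructed API specification: one operation and its typed parameters.
SPEC = {"createPayment": {"card_number": "string", "amount": "integer"}}

# Security rules applied to the output dataset (captured log lines).
RULES = {
    "card_number": re.compile(r"\b\d{16}\b"),
    "bearer_token": re.compile(r"Bearer\s+[A-Za-z0-9._-]{8,}"),
}

# Mocked peer microservice: positive and negative response scenarios.
PEERS = {
    "positive": lambda: (200, {"status": "ok"}),
    "negative": lambda: (500, {"error": "timeout"}),
}

def input_validation_cases(spec):
    """Derive one well-typed and one wrongly-typed request per operation."""
    good = {"string": "4111111111111111", "integer": 10}
    bad = {"string": 4111111111111111, "integer": "ten"}
    for op, params in spec.items():
        yield op, "valid", {p: good[t] for p, t in params.items()}
        yield op, "malformed", {p: bad[t] for p, t in params.items()}

def microservice(op, request, peer, log):
    """Hypothetical service under test: logs the request when the peer fails."""
    if not isinstance(request.get("amount"), int):
        log.append(f"{op}: rejected invalid amount")
        return 400
    status, body = peer()
    if status != 200:
        log.append(f"{op}: peer failed {body}, request={json.dumps(request)}")
        return 502
    log.append(f"{op}: ok")
    return 200

def run_suite(spec):
    """Run every case against every peer scenario, then scan the logs."""
    findings = []
    for op, kind, request in input_validation_cases(spec):
        for scenario, peer in PEERS.items():
            log = []
            microservice(op, request, peer, log)
            for line in log:
                for rule, pattern in RULES.items():
                    if pattern.search(line):
                        findings.append((op, kind, scenario, rule))
    return findings

if __name__ == "__main__":
    print(run_suite(SPEC))
```

The only finding comes from the negative peer scenario, which is why the claim requires leakage checks under both response paths: the happy path of this service logs nothing sensitive.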