Revisão Multifocal sobre ferramentas de teste e estratégias de segurança de APIs em microsserviços
Resumo
A comunicação em arquiteturas de microsserviços tem se tornado cada vez mais comum, exigindo atenção aos testes de segurança para garantir a qualidade das APIs. Este estudo, através de uma revisão multifocal, investigou ferramentas e estratégias de segurança aplicadas ao desenvolvimento de APIs. Foram analisados 50 artigos da literatura branca e 270 da cinza. As ferramentas mais citadas foram RESTest (6), OWASP ZAP (6) e Postman (4). Entre as estratégias, destacaram-se Spring Security (93), JWT (81) e API Gateway (37). Os principais testes envolvem validação de entrada (20), detecção de vulnerabilidades (19) e autenticação/autorização (14), com foco em mitigar ameaças como SQL Injection (11), falhas de configuração (10) e OWASP Top Ten (8).Referências
Bakhtin, A., Maruf, A. A., Cerny, T., and Taibi, D. (2022). Survey on tools and techniques detecting microservice api patterns.
Domingos, L. and Farina, R. (2020). MicroserviÇos: um estudo de caso apontando suas potencialidades. Revista Interface Tecnológica, 17:18–30.
Díaz-Rojas, J. A., Ocharán-Hernández, J. O., Pérez-Arriaga, J. C., and Limón, X. (2021). Web api security vulnerabilities and mitigation mechanisms: A systematic mapping study. In 2021 9th International Conference in Software Engineering Research and Innovation (CONISOFT), pages 207–218.
García, J. C., Hernández, J. O. O., Arriaga, J. C. P., and Riaño, H. J. L. (2023). Advances in web api testing: A systematic mapping study. In 2023 Mexican International Conference on Computer Science (ENC), pages 1–8.
Garousi, V., Felderer, M., and Mäntylä, M. V. (2016). The need for multivocal literature reviews in software engineering: complementing systematic literature reviews with grey literature. In Proceedings of the 20th International Conference on Evaluation and Assessment in Software Engineering, EASE ’16, New York, NY, USA. Association for Computing Machinery.
Garousi, V., Felderer, M., and Mäntylä, M. V. (2019). Guidelines for including grey literature and conducting multivocal literature reviews in software engineering. Information and Software Technology, 106:101–121.
Ghani, I., Wan-Kadir, W. M., Mustafa, A., and Babir, M. I. (2019). Microservice testing approaches: A systematic literature review. International Journal of Integrated Engineering, 11(8):65–80.
Hannousse, A. and Yahiouche, S. (2021). Securing microservices and microservice architectures: A systematic mapping study. Computer Science Review, 41:100415.
Panahande, M. and Miller, J. (2023). A systematic review on microservice testing. Research Square.
ul Haq, S. M. (2008). Assessing the quality of primary studies in systematic reviews. International Journal of Health Promotion and Education, 46:139–141.
Domingos, L. and Farina, R. (2020). MicroserviÇos: um estudo de caso apontando suas potencialidades. Revista Interface Tecnológica, 17:18–30.
Díaz-Rojas, J. A., Ocharán-Hernández, J. O., Pérez-Arriaga, J. C., and Limón, X. (2021). Web api security vulnerabilities and mitigation mechanisms: A systematic mapping study. In 2021 9th International Conference in Software Engineering Research and Innovation (CONISOFT), pages 207–218.
García, J. C., Hernández, J. O. O., Arriaga, J. C. P., and Riaño, H. J. L. (2023). Advances in web api testing: A systematic mapping study. In 2023 Mexican International Conference on Computer Science (ENC), pages 1–8.
Garousi, V., Felderer, M., and Mäntylä, M. V. (2016). The need for multivocal literature reviews in software engineering: complementing systematic literature reviews with grey literature. In Proceedings of the 20th International Conference on Evaluation and Assessment in Software Engineering, EASE ’16, New York, NY, USA. Association for Computing Machinery.
Garousi, V., Felderer, M., and Mäntylä, M. V. (2019). Guidelines for including grey literature and conducting multivocal literature reviews in software engineering. Information and Software Technology, 106:101–121.
Ghani, I., Wan-Kadir, W. M., Mustafa, A., and Babir, M. I. (2019). Microservice testing approaches: A systematic literature review. International Journal of Integrated Engineering, 11(8):65–80.
Hannousse, A. and Yahiouche, S. (2021). Securing microservices and microservice architectures: A systematic mapping study. Computer Science Review, 41:100415.
Panahande, M. and Miller, J. (2023). A systematic review on microservice testing. Research Square.
ul Haq, S. M. (2008). Assessing the quality of primary studies in systematic reviews. International Journal of Health Promotion and Education, 46:139–141.
Publicado
01/09/2025
Como Citar
MENDES, Ian José Soares; RODRIGUES, Lyanderson S.; SOUSA, Rubens A. da S.; SANTOS, Ismayle de S..
Revisão Multifocal sobre ferramentas de teste e estratégias de segurança de APIs em microsserviços. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 262-272.
DOI: https://doi.org/10.5753/sbseg_estendido.2025.11858.
