Contract Testing: A Framework for Security Evaluation in gRPC
Basri, Muhamad Zaenul Hasan; Lim, Charles; Silaen, Kalpin Erlangga
Eduvest - Journal of Universal Studies, Vol. 5 No. 10 (2025)
Publisher : Green Publisher Indonesia

DOI: 10.59188/eduvest.v5i10.52074

Abstract

The growth of APIs, including SOAP, REST, and gRPC, has made security a critical priority; incidents such as those described in the 2023 Palo Alto report highlight the financial losses that result from API breaches. While existing tools focus on REST APIs, gRPC remains underserved and still requires time-consuming manual testing. This research addresses that gap by proposing a security testing framework tailored to gRPC, integrating automated methods that DevSecOps teams can use to improve efficiency. gRPC, built on HTTP/2, uses a binary message format and client stubs generated from proto files, which creates unique challenges for testing. The methodology involves extracting payloads, generating stubs from proto files, creating test cases, and executing automated tests for vulnerabilities such as SQL Injection and XSS. By analyzing gRPC components and adapting common API security practices, the framework identifies vulnerabilities, streamlines testing, and reduces manual effort. It automates processes such as payload generation and stub generation, enabling faster and more reliable testing than traditional methods. Results demonstrate that the framework (GSTF) reduces testing time by 99% compared to manual methods while maintaining comprehensive coverage. Although some false positives were noted, the framework effectively identifies critical vulnerabilities and integrates seamlessly with DevSecOps pipelines. This approach not only improves testing efficiency by significantly reducing time but also sets a benchmark for secure API development. The study provides a practical solution for enhancing gRPC security, offering significant efficiency gains and establishing a foundation for future advances in API security automation.