Eduvest - Journal of Universal Studies
Vol. 5 No. 10 (2025): Eduvest - Journal of Universal Studies

Contract Testing: A Framework for Security Evaluation in gRPC

Basri, Muhamad Zaenul Hasan (Unknown)
Lim, Charles (Unknown)
Silaen, Kalpin Erlangga (Unknown)



Article Info

Publish Date
07 Oct 2025

Abstract

The growth of APIs, including SOAP, REST, and gRPC, has made security a critical priority, with incidents such as those in the 2023 Palo Alto report highlighting the financial losses resulting from API breaches. While existing tools focus on REST APIs, gRPC remains underserved, requiring time-consuming manual testing. This research aims to address this gap by proposing a security testing framework tailored to gRPC, integrating automated methods that DevSecOps can use to improve efficiency. gRPC, built on HTTP/2, uses a binary message format and client stubs generated from proto files, creating unique challenges for testing. The methodology involves extracting payloads, generating stubs from proto files, creating test cases, and executing automated tests for vulnerabilities such as SQL Injection and XSS. By analyzing gRPC components and adapting common API security practices, the framework identifies vulnerabilities, streamlines testing, and reduces manual effort. It automates processes such as payload generation and stub generation, enabling faster and more reliable testing compared to traditional methods. Results demonstrate that GSTF reduces testing time by 99% compared to manual methods while maintaining comprehensive coverage. Although some false positives were noted, the framework effectively identifies critical vulnerabilities and integrates seamlessly with DevSecOps pipelines. This approach not only improves testing efficiency by significantly reducing time but also sets a benchmark for secure API development. This study provides a practical solution for enhancing gRPC security, offering significant efficiency gains and establishing a foundation for future advancements in API security automation.

Copyrights © 2025






Journal Info

Abbrev

edv

Publisher

Subject

Aerospace Engineering; Computer Science & IT; Health Professions; Neuroscience; Social Sciences

Description

Eduvest - Journal of Universal Studies is a double-blind peer-reviewed, open-access academic journal covering multidisciplinary fields. The journal is published monthly by Green Publisher Indonesia. Eduvest - Journal of Universal Studies provides a means for sustained discussion of relevant issues that ...