BF Backward API
Irena Bojanova, Inventor/Creator, PI & Lead, NIST Bugs Framework (BF), 2014 – ~~~ #

The BF Backward API provides the BFVUL Tool backwards bugs identification functionality.

The BF formalism supports a deeper understanding of vulnerabilites as chains of weaknesses and allows for backward bug identficaton from a failure. It enables the development of new statc and dynamic analysis, simulaton, and emulaton algorithms. AI or formal methods-enabled capabilites could be used to identfy bugs and detect, analyze, prioritze, and resolve or mitgate vulnerabilites (i.e., fix the bug or a fault of each vulnerability, respectvely) to secure critcal infrastructure and supply chains.

• UI → Key required:

  https://samate.nist.gov/services/BF/BFVUL.xml/BFBackward/IEX?finalError=Query%20Injection&key=YOUR_KEY
  https://samate.nist.gov/services/BF/BFVUL.json/BFBackward/IEX?finalError=Query%20Injection&key=YOUR_KEY

• API → Key required:
  

  C#

  HttpClient client = new HttpClient() { BaseAddress = new Uri("https://samate.nist.gov/services/BF") };
  
  //replace YOUR_USER_NAME and YOUR_KEY
  client.DefaultRequestHeaders.Add("user", YOUR_USER_NAME);
  client.DefaultRequestHeaders.Add("key", YOUR_KEY);
  
  using var request = new HttpRequestMessage(HttpMethod.Post, "BFVUL/BFBackward/IEX/api") { Content = content };
  request.Headers.Accept.Add(MediaTypeNames.Application.Xml); //for XML
  //request.Headers.Accept.Add(MediaTypeNames.Application.Json); //for JSON
  
  var response = await client.SendAsync(request);
  response.EnsureSuccessStatusCode();
  var result = await response.Content.ReadAsStringAsync();
  

  Python

  //to be added//

BF CITATION:
Bojanova I (2024) Bugs Framework (BF): Formalizing Cybersecurity Weaknesses and Vulnerabilities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP), NIST SP 800-231. https://doi.org/10.6028/NIST.SP.800-231