Abstract:
Communicating with consumers and delivering services to them through web
applications has become very popular because of the wide range of easily accessible
information they support and their integration of data with other applications. Absolute
coding practices during programming and a lack of security awareness are the main causes
of various types of vulnerabilities at the application level in the World Wide Web (WWW)
system. Cyber attacks are becoming a critical risk for every digital transformation around
the world. One of the biggest weaknesses in this area is remote code execution (RCE).
According to the Web Application Security Project (CWE / SANS), RCE is on the list of
sensitive critical applications that have been vulnerable since 2016. Objective: This paper
proposes a model and verifies it using the SPIN model checker. Results: This research also
simulates the proposed model with automata called finite state machines and exhibits it as
a finite model. Conclusions: Various types of case studies and detection models are
introduced and compared with other vulnerability detection models. After reviewing the
literature, we found that only an insignificant amount of research has been conducted on
justifying a web layer vulnerability detection model using the SPIN model.
Description:
Internet applications currently play an important role in automating traditional daily
activities by updating existing solutions. Worldwide, over 3.88 billion people use the
Internet and various Internet applications from service providers because they are easy to
use and available anywhere, anytime. For the aforementioned beneficial reasons, most
organizations or service providers, such as industry, banks, government, education,
medicine and other industries, want to offer their services to interested parties via a web
application and other online systems. Companies automate processes and offer their
clients services via web applications to achieve higher profits with greater customer
satisfaction. A modern web application stores the confidential information of
organizations and consumers for the above-mentioned reasons. The risk of using these
web applications increases daily due to various cyber-attacks. A vulnerability in an
Internet application is a serious weakness in the affected system. ISPs use the PHP
platform to create web applications that simplify the use of code. According to OWASP
and SANS, the most common security vulnerabilities are SQLi (Structured Query
Language Injection), Cross-Site Scripting (XSS), buffer overflow, system command
injection, Broken Authentication and Session Management, disclosure of
confidential data, remote code execution (RCE), local file inclusion (LFI), etc.
In recent years, however, remote code execution has become a major threat on the
Internet, one that can use the web server's script and file functions.