Using the Model Checking method to identify vulnerabilities in web applications

Abstract

To date, there are a lot of web applications that contain an error in the logic of work. Most of these vulnerabilities can be eliminated with automated testing, except for those that are enclosed in the application logic. Formal verification methods should be used to identify these logic errors. In this article, was used the method of automatic formal verification of parallel systems with a finite number of states to check and identify vulnerabilities in the application. To accomplish these tasks, a model was built in the Spin utility, verification was performed and results were obtained. Thus, an attempt was made to demonstrate one’s of the vulnerabilities in the algorithm of the web application.