One area of web application security is application-level security, which covers the vulnerabilities inherent in an application itself, independent of the platform it runs on. Conducting application-level security analysis for each web application individually can be a complicated task. We approach this problem by building a Form-Oriented model. A Form-Oriented model roughly consists of three parts: a dialog model (a.k.a. formchart), a layered data model, and dialog specifications. Together, these integrated parts define the behaviour of a web application. We choose the WrecDirect registration module as the subject of Form-Oriented modeling. With this Form-Oriented model, we investigate security issues from three aspects: input validation, error handling, and concurrent use. We have found that some artifacts of Form-Oriented modeling, such as the bipartite structure of the formchart and model refinement, are of great value to the security analysis.
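To make the three analysis aspects concrete, the following is an added example (not code from the paper and not the WrecDirect module, whose internals the abstract does not describe). It models a hypothetical registration dialog as a formchart whose nodes are client pages and server actions, so that well-formedness is a bipartiteness check; it then checks that every action has an error-handling edge, runs the field validators declared on the page-to-action edge, and simulates concurrent use by submitting the same registration from several dialog instances at once. The page names, action names, validators and outcome labels are constructed assumptions.

```python
"""Formchart checks for a constructed registration dialog (added example)."""
import re
import threading
from dataclasses import dataclass, field

# Dialog model: client pages and server actions alternate, which is
# what gives the formchart its bipartite structure.
PAGE, ACTION = "page", "action"


@dataclass
class Node:
    name: str
    kind: str  # PAGE or ACTION


@dataclass
class Edge:
    src: str
    dst: str
    validators: dict = field(default_factory=dict)  # page -> action: form fields
    outcome: str = ""                               # action -> page: reported result


class AccountStore:
    """Layered data model: the persistent account table behind the dialog."""

    def __init__(self):
        self._rows = {}
        self._lock = threading.Lock()

    def create(self, username, email):
        # Check-and-insert under one lock, so two dialog instances that submit
        # the same username concurrently cannot both succeed.
        with self._lock:
            if username in self._rows:
                return False
            self._rows[username] = email
            return True


# Hypothetical field rules (assumption, not the module's real rules).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def build_formchart():
    """Constructed registration formchart: three pages, one server action."""
    nodes = {n.name: n for n in [
        Node("RegisterForm", PAGE), Node("Confirm", PAGE), Node("Error", PAGE),
        Node("doRegister", ACTION),
    ]}
    edges = [
        Edge("RegisterForm", "doRegister", validators={
            "username": USERNAME_RE.fullmatch, "email": EMAIL_RE.fullmatch}),
        Edge("doRegister", "Confirm", outcome="ok"),
        Edge("doRegister", "Error", outcome="invalid"),
        Edge("doRegister", "Error", outcome="duplicate"),
    ]
    return nodes, edges


def is_bipartite(nodes, edges):
    """Every edge must join a page to an action or an action to a page."""
    return all(nodes[e.src].kind != nodes[e.dst].kind for e in edges)


def actions_handle_errors(nodes, edges):
    """Every action needs at least one outgoing edge for a failure outcome."""
    return all(
        any(e.outcome not in ("", "ok") for e in edges if e.src == n.name)
        for n in nodes.values() if n.kind == ACTION
    )


def register(edge, store, submission):
    """Dialog specification of doRegister: validate inputs, then check-and-insert."""
    for name, check in edge.validators.items():
        if not check(str(submission.get(name, ""))):
            return "invalid"
    if not store.create(submission["username"], submission["email"]):
        return "duplicate"
    return "ok"


def concurrent_registrations(store, edge, submission, n_threads=8):
    """Submit one form from n dialog instances at once; count how many succeed."""
    outcomes = []
    threads = [threading.Thread(target=lambda: outcomes.append(
        register(edge, store, submission))) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return outcomes.count("ok")
```

The two structural checks (`is_bipartite`, `actions_handle_errors`) are the kind of property a formchart makes mechanically checkable before any code is written; the `register` and `concurrent_registrations` functions exercise the dialog specification against constructed input so that missing validation or a non-atomic check-and-insert would show up as a wrong outcome.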