Possibly, reason for that insecurity of web applications is the fact many programmers lack appropriate understanding about secure coding, so that they leave applications with flaws. This paper explores a technique for instantly protecting web applications and also the programmer informed. The approach consists in analyzing the web application source code searching for input validation vulnerabilities, and inserting fixes within the same code to correct these flaws. research within the configuration within the data mining component, along with an experimental think about the tool with plenty of free PHP applications. The tool may be extended with elevated flaws and databases, however, this set demonstrates the idea. Designing and applying WAP is a challenging task. Unlike our work, other works didn't make an effort to identify bugs and identify their whereabouts, but to evaluate the standard of the program based on the prevalence of defects and vulnerabilities. The tool does taint analysis of PHP programs, a kind of data flow analysis. Within the first four posts available would be the decision tree models. These models select for the tree nodes the attributes which have greater information gain. The C4.5/J48 model prunes the tree to attain better results. The K-NN model has far better performance since the courses are now balanced. However, the kappa, precision, and precision metrics show the Bayes models remain the worst.

Data Mining; Web Protection; Input Validation Vulnerabilities; Software Security; Source Code Static Analysis; Web Applications; PHP

Y.-W.Huangetal., “Webapplication securityassessmentbyfaultinjectionandbehaviormonitoring,”inProc.12thInt.Conf.WorldWide Web, 2003, pp. 148–159.

Y.-W. Huang et al., “Securing web application code by static analysisandruntimeprotection,”inProc.13thInt.Conf.WorldWideWeb, 2004, pp. 40–52.

J. C. Huang, Software Error Detection through Testing and Analysis. . New York, NY, USA: Wiley, 2009.

S. Son and V. Shmatikov, “SAFERPHP: Finding semantic vulnerabilities in PHP applications,” in Proc. ACM SIGPLAN 6th Workshop ProgrammingLanguagesandAnalysisforSecurity,2011.

G. T. Buehrer, B. W. Weide, and P. Sivilotti, “Using parse tree validation to prevent SQL injection attacks,” in Proc. 5th Int. Workshop Software Engineeringand Middleware,Sep.2005,pp.106–113.

L.K.SharandH.B.K.Tan, “Automated removal of crosssitescripting vulnerabilities in web applications,” Inf. Softw. Technol., vol. 54, no. 5, pp. 467–478, 2012.