International Journal of Research

In spite of the fact that a huge research exertion on web application security has been continuing for over 10 years, the security of web applications keeps on being a testing issue. A critical piece of that issue gets from powerless source code, frequently written in risky dialects like PHP. Source code static investigation instruments are an answer for discover vulnerabilities, yet they have a tendency to create false positives, and require extensive exertion for software engineers to physically settle the code. We investigate the utilization of a blend of techniques to find vulnerabilities in source code with less false positives. We join pollute examination, which discovers applicant vulnerabilities, with information mining, to anticipate the presence of false positives. This approach unites two methodologies that are obviously orthogonal: people coding the information about vulnerabilities (for pollute examination), joined with the apparently orthogonal approach of consequently acquiring that information (with machine learning, for information mining). Given this improved type of recognition, we propose doing programmed code revision by embeddings settles in the source code. Our approach was actualized in the WAP instrument, and an exploratory assessment was performed with a substantial arrangement of PHP applications. Our device discovered 388 vulnerabilities in 1.4 million lines of code. Its exactness and accuracy were around 5% superior to PhpMinerII's and 45% superior to Pixy's.