International Journal of Research

Although a cosmically enormous research exertion on web application security has been continuingforover10years,thesecurityofwebapplicationscontinuestobeachallengingproblem.Animportantpartofthatproblemderivesfromvulnerablesourcecode, regularly indicted in dangerous dialects like PHP. Source code static analys is actualizes are an answer for find vulner resources, howevertheyslopetoinciteincorrectpositives,andrequireconsiderableeffortforprogrammerstomanuallyfixthecode.Weexploretheuseofacombination of strategies to find susceptibilities in source code with less wrong positives. We amalgamate spoil examination, which finds competitor susceptibilities, with information mining, to forecast the subsistence of duplicitous positives. This approach amasses two methodologies that are apparently orthogonal: people coding the insight about susceptibilities (for spoil examination), joined with the apparently orthogonal approach of consequently getting that knowledge (with machine learning, for information mining). Given this upgraded type of identification, we propose doing programmed code amendment by embeddings fixes in the source code. Our approach was actualized in the WAP execute, and an exploratory assessment was performed with a largesetofPHPapplications.Ourtoolfound388vulnerabilitiesin1.4millionlinesofcode.Itsaccuracyandprecisionwereapproximately5%betterthanPhpMinerII'sand45%betterthanPixy's.