摘要 |
One embodiment provides a system that detects vulnerabilities in a web application. During operation, the system obtains a web request which is directed to the web application, wherein the web request specifies at least one request parameter. The system then determines whether the web request is a suspicious web request by determining if at least one request parameter matches a known attack. Next, the system determines whether the suspicious web request can cause a vulnerability of the web application to be exploited. |