“…According to OWASP 2017 [1], vulnerabilities in web applications can be categorized into injection, sensitive data exposure, broken authentication, broken access control, XML external entities, security misconfiguration, and XSS. Web application vulnerabilities have also been classified into three high-level categories: input validation (IPV) vulnerability, session management (SM) vulnerability, and application logic (AL) vulnerability [3,4,37]. To detect vulnerabilities, many approaches, e.g., static code analysis [2,11], taint analysis [12], white box [13], machine learning approaches [14], fuzz testing [10,17], penetration testing [18], and dynamic monitoring [19,24], have been proposed.…”