BEYOND STATIC ANALYSIS: AI TECHNIQUES FOR DETECTING WEB APPLICATION SECURITY WEAKNESSES
Keywords:
artificial intelligence, web security, vulnerability detection, machine learning, deep learning, static analysis, dynamic analysis, anomaly detection, secure web applications, cybersecurity automation.

Abstract
The increasing complexity of modern web applications has exposed critical limitations in traditional static analysis tools, which often fail to detect dynamic, context-dependent, or obfuscated security vulnerabilities. Recent advancements in Artificial Intelligence (AI) provide promising new directions for improving automated security assessment. This study explores machine learning–driven and deep learning–driven approaches for identifying web application weaknesses beyond static analysis. We examine AI-based anomaly detection, dynamic behavior modeling, semantic code understanding, and hybrid intelligent scanning methods capable of detecting SQL injection, XSS, authentication bypass, and logical vulnerabilities. The proposed framework integrates static features with runtime behavioral signals to enhance detection accuracy and reduce false positives. The findings demonstrate that AI-enabled methods outperform traditional scanners in identifying sophisticated attack patterns and zero-day indicators, marking a significant advancement in intelligent web security assessment.
License
Copyright (c) 2025 S.Sh. Kobilov, A.I. Goyibnazarov, Q.T. Umurzoqov

This work is licensed under a Creative Commons Attribution 4.0 International License.