Abstract:
Web application vulnerabilities such as Cross-Site Scripting (XSS) and code injection pose significant security risks and frequently lead to data breaches and privacy violations. Traditional Static Application Security Testing (SAST) tools, while effective, have limited ability to understand code semantics and context, so they can miss vulnerabilities. This project investigates the integration of Large Language Models (LLMs) with SAST tools to enhance vulnerability detection in web applications, specifically in JavaScript and PHP code. By appending SAST findings to LLM prompts, we explore whether this combined approach yields a more accurate and comprehensive security analysis than either technique alone. The research demonstrates that using LLMs alongside existing static analysis tools can improve the detection of common vulnerabilities and streamline the security auditing process.
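The pipeline sketched in the abstract, appending SAST findings to an LLM prompt, is shown below as an added example; it is not code from the project, and the JavaScript and PHP targets, the SAST result list (a simplified SARIF-like shape with hypothetical rule ids) and all function names are constructed for illustration. Each finding is attached with a numbered window of surrounding source so the model can reason about the flow into the sink rather than about a bare line number; the LLM call itself is left out so the block runs offline.

```python
# Added example (not the paper's own code): build an LLM prompt by appending
# SAST findings, plus the code around each flagged line, to the target source.
# SOURCE_FILES and SAST_RESULTS_JSON are constructed inputs; the rule ids are
# hypothetical and the JSON shape only loosely resembles SARIF.
from __future__ import annotations

import json
from dataclasses import dataclass

# Constructed sample targets: one Express handler and one PHP script.
SOURCE_FILES = {
    "search.js": (
        "const express = require('express');\n"
        "const app = express();\n"
        "app.get('/search', (req, res) => {\n"
        "  const q = req.query.q;\n"
        "  res.send('<h1>Results for ' + q + '</h1>');\n"
        "});\n"
    ),
    "lookup.php": (
        "<?php\n"
        "$id = $_GET['id'];\n"
        "$rows = mysqli_query($conn, \"SELECT * FROM users WHERE id = $id\");\n"
    ),
}

# Constructed SAST output, one result per flagged sink.
SAST_RESULTS_JSON = json.dumps([
    {"ruleId": "js-reflected-xss", "level": "error",
     "message": "User-controlled value from req.query flows into res.send without encoding",
     "location": {"uri": "search.js", "startLine": 5}},
    {"ruleId": "php-sqli-string-interp", "level": "error",
     "message": "Request parameter interpolated into SQL query string",
     "location": {"uri": "lookup.php", "startLine": 3}},
])


@dataclass(frozen=True)
class Finding:
    rule_id: str
    level: str
    message: str
    path: str
    line: int


def parse_findings(raw: str) -> list[Finding]:
    """Turn the tool's JSON list into Finding records, skipping malformed entries."""
    out: list[Finding] = []
    for item in json.loads(raw):
        loc = item.get("location", {})
        if not all(k in item for k in ("ruleId", "message")) or "uri" not in loc or "startLine" not in loc:
            continue  # tolerate partial tool output instead of aborting the whole run
        out.append(Finding(item["ruleId"], item.get("level", "warning"),
                           item["message"], loc["uri"], int(loc["startLine"])))
    return out


def code_context(source: str, line: int, radius: int = 2) -> str:
    """Numbered source lines around `line`, with the flagged line marked by '>>'."""
    lines = source.splitlines()
    lo, hi = max(1, line - radius), min(len(lines), line + radius)
    return "\n".join(
        f"{'>>' if n == line else '  '} {n:3d}| {lines[n - 1]}" for n in range(lo, hi + 1)
    )


def build_prompt(path: str, source: str, findings: list[Finding]) -> str:
    """Compose the prompt: task, full file, then this file's SAST findings with context."""
    mine = sorted((f for f in findings if f.path == path), key=lambda f: f.line)
    parts = [
        "You are reviewing the file below for web vulnerabilities (XSS, code/SQL injection).",
        "For each reported SAST finding, state whether it is a true positive and why, "
        "and list any vulnerability the static analysis missed.",
        "",
        f"### File: {path}",
        "```",
        source.rstrip("\n"),
        "```",
        "",
        f"### SAST findings ({len(mine)})",
    ]
    if not mine:
        parts.append("(none reported)")
    for f in mine:
        parts += [f"- [{f.level}] {f.rule_id} at {path}:{f.line}: {f.message}",
                  code_context(source, f.line), ""]
    return "\n".join(parts)


def build_all_prompts(sources=SOURCE_FILES, raw_results=SAST_RESULTS_JSON) -> dict[str, str]:
    """One prompt per source file; findings are matched to files by path."""
    findings = parse_findings(raw_results)
    return {path: build_prompt(path, src, findings) for path, src in sources.items()}


if __name__ == "__main__":
    for prompt in build_all_prompts().values():
        print(prompt)
        print("=" * 70)
```

The prompt deliberately asks the model both to confirm or refute each SAST finding and to report what the tool missed; keeping those two tasks separate makes it possible to score true-positive confirmation and additional detections independently when evaluating the combined approach.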