Abstract: A method and system analyzes the state of security of a web application based on the structure of its components and its behavior against a well determined set of fingerprints. The system searches for components while parsing the web application, applying the well determined procedures to identify the server side technologies involved. Based on information stored in memory, the system elaborates a set of security checks to determine any vulnerabilities.