What is it about?
This work presents KAVe, an open-source security tool that automatically analyzes PHP web applications to detect two of the most dangerous vulnerabilities on the web: SQL Injection (SQLi) and Cross-Site Scripting (XSS). It uses a smart combination of code graphs and multi-agent systems to trace how data flows through the application and identify risky behavior.
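As an added illustration of the source-to-sink data-flow idea the summary describes (this is not KAVe's code or its graph schema), the following toy analysis propagates taint over a hand-built code graph for a small PHP fragment; the node names, node kinds and the per-sink sanitizer rules are assumptions made for the example.

```python
"""Toy taint propagation over a code graph (constructed example, not KAVe).

The graph models this PHP fragment, written here as comments:
  $id   = $_GET['id'];                       # id_raw   (source)
  $name = $_POST['name'];                    # name_raw (source)
  $id_s = mysqli_real_escape_string($c,$id); # id_safe  (SQL-only sanitizer)
  $c->query("... WHERE id='$id_s'");         # q1       (SQL sink)
  $c->query("... WHERE name='$name'");       # q2       (SQL sink)
  $name_e = htmlspecialchars($name);         # name_esc (HTML-only sanitizer)
  echo $name_e;                              # out1     (HTML sink)
  echo $id_s;                                # out2     (HTML sink)
"""

# node -> (kind, list of nodes whose values flow into it)
GRAPH = {
    "id_raw":   ("source", []),
    "name_raw": ("source", []),
    "id_safe":  ("sanitize_sql", ["id_raw"]),
    "q1":       ("sink_sql", ["id_safe"]),
    "q2":       ("sink_sql", ["name_raw"]),
    "name_esc": ("sanitize_html", ["name_raw"]),
    "out1":     ("sink_html", ["name_esc"]),
    "out2":     ("sink_html", ["id_safe"]),
}
SANITIZES = {"sanitize_sql": "sql", "sanitize_html": "html"}  # label removed
SINK_NEEDS = {"sink_sql": "sql", "sink_html": "html"}          # label that is unsafe

def taint_of(graph, node, memo=None):
    """Set of taint labels reaching `node` (memoised DFS over an acyclic graph)."""
    memo = {} if memo is None else memo
    if node in memo:
        return memo[node]
    kind, inputs = graph[node]
    if kind == "source":
        labels = {"sql", "html"}             # user input is unsafe for every sink
    else:
        labels = set()
        for inp in inputs:
            labels |= taint_of(graph, inp, memo)
        labels.discard(SANITIZES.get(kind))  # a sanitizer clears only its own label
    memo[node] = frozenset(labels)
    return memo[node]

def find_vulnerabilities(graph):
    """Sorted (sink, class) pairs where the sink's unsafe label still reaches it."""
    memo, findings = {}, []
    for node, (kind, _) in graph.items():
        need = SINK_NEEDS.get(kind)
        if need and need in taint_of(graph, node, memo):
            findings.append((node, "SQLi" if need == "sql" else "XSS"))
    return sorted(findings)

if __name__ == "__main__":
    print(find_vulnerabilities(GRAPH))  # [('out2', 'XSS'), ('q2', 'SQLi')]
```

Note that `out2` is flagged even though its input was escaped, because the escaping was SQL-specific; tracking which sink a sanitizer protects is what separates a precise analysis from one that silences alerts on any sanitizer call.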
Why is it important?
Vulnerabilities like XSS and SQLi are still widespread and cause serious damage - from data theft to full system compromise. Existing tools often generate too many false alarms or miss subtle bugs. KAVe improves both accuracy and speed, making it easier for developers and security teams to find and fix problems early in development, before any user data is at risk.
Perspectives
KAVe demonstrates how combining knowledge graphs with multi-agent systems can significantly improve the precision of static security analysis. This opens new possibilities for applying AI-inspired techniques to secure software earlier in the development process - not just for PHP, but potentially for other languages in the future. Looking ahead, the team aims to extend KAVe to support more complex vulnerabilities, incorporate machine learning and large language models, and generalize the approach beyond PHP. This could help scale secure coding practices across a broader range of platforms and development environments.
Rafael Ramires
Universidade de Lisboa
This page is a summary of: KAVe: A Tool to Detect XSS and SQLi Vulnerabilities using a Multi-Agent System over a Multi-Layer Knowledge Graph, June 2025, ACM (Association for Computing Machinery),
DOI: 10.1145/3696630.3728601.