ARCHIVES
Original Article
AI-Powered Vulnerability Scanner for Spring Boot Applications
Saad Mirza1
Ashwini Kadam2
Shreya Sase3
Apoorva Kulkarni4
Dr. S. K. Wagh5
1 2 3 4 Department of Computer Engineering, M. E. S. Wadia College of Engineering, Savitribai Phule Pune University, Pune, Maharashtra, India. 5 Professor, Department of Computer Engineering, M. E. S. Wadia College of Engineering, Savitribai Phule Pune University, Pune, Maharashtra, India
Published Online: May-August 2026
Pages: 741-752
Cite this article
↗ https://www.doi.org/10.59256/indjcst.20260502084References
1. SonarSource, “SonarQube Documentation,” 2025. [Online]. Available: https://docs.sonarsource.com/sonarqube/
2. FindSecBugs, “Find Security Bugs,” 2025. [Online]. Available: https: //find-sec-bugs.github.io/
3. OWASP, “Zed Attack Proxy (ZAP) Documentation,” 2025. [Online]. Available: https://www.zaproxy.org/docs/
4. Semgrep, “Semgrep Documentation,” 2025. [Online]. Available: https: //semgrep.dev/docs/
5. Snyk, “Snyk Security Platform,” 2025. [Online]. Available: https://docs. snyk.io/
6. OWASP Foundation, “OWASP Top 10: The Ten Most Critical Web Application Security Risks,” 2021. [Online]. Available: https://owasp.
org/www-project-top-ten/
7. Pivotal Software, “Spring Security Reference,” 2025. [Online]. Avail-able: https://docs.spring.io/spring-security/reference/
8. Spring, “Spring Boot Documentation,” 2025. [Online]. Available: https://docs.spring.io/spring-boot/docs/current/reference/html/
9. Z. Li et al., “VulDeePecker: A Deep Learning-Based System for Vulnerability Detection,” in NDSS, 2018.
10. Y. Zhou et al., “Devign: Effective Vulnerability Identification by Learn-ing Comprehensive Program Semantics,” in ASE, 2019.
11. F. Feng et al., “CodeBERT: A Pre-Trained Model for Programming and Natural Languages,” in EMNLP, 2020.
12. OWASP, “Automated Web Application Security Testing Using ZAP,” 2024.
13. S. Neuhaus et al., “Predicting Vulnerable Software Components,” in ACM CCS, 2007.
14. R. Seacord, “Secure Coding in C and C++,” Addison-Wesley, 2013.
15. OpenAI, “Safety Best Practices,” 2025. [Online]. Available: https:// platform.openai.com/docs/guides/safety-best-practices
16. OpenAI, “Data Usage Policies,” 2025. [Online]. Available: https:// platform.openai.com/docs/guides/your-data
17. D. Stuttard and M. Pinto, “The Web Application Hacker’s Handbook,” Wiley, 2011.
18. Mozilla, “CORS Documentation,” 2025. [Online]. Available: https:// developer.mozilla.org/en-US/docs/Web/HTTP/CORS
19. Oracle, “Java Security Overview,” 2025. [Online]. Available: https: //docs.oracle.com/javase/
20. Docker, “Docker Security,” 2025. [Online]. Available: https://docs. docker.com/engine/security/
21. Google, “API Security Best Practices,” 2024.
22. NIST, “Security and Privacy Controls for Information Systems,” 2020.
23. M. Sutton et al., “Fuzzing: Brute Force Vulnerability Discovery,” 2007.
24. Oracle, “SecureRandom Class Documentation,” 2025.
25. OWASP, “XML External Entity Prevention Cheat Sheet,” 2023
2. FindSecBugs, “Find Security Bugs,” 2025. [Online]. Available: https: //find-sec-bugs.github.io/
3. OWASP, “Zed Attack Proxy (ZAP) Documentation,” 2025. [Online]. Available: https://www.zaproxy.org/docs/
4. Semgrep, “Semgrep Documentation,” 2025. [Online]. Available: https: //semgrep.dev/docs/
5. Snyk, “Snyk Security Platform,” 2025. [Online]. Available: https://docs. snyk.io/
6. OWASP Foundation, “OWASP Top 10: The Ten Most Critical Web Application Security Risks,” 2021. [Online]. Available: https://owasp.
org/www-project-top-ten/
7. Pivotal Software, “Spring Security Reference,” 2025. [Online]. Avail-able: https://docs.spring.io/spring-security/reference/
8. Spring, “Spring Boot Documentation,” 2025. [Online]. Available: https://docs.spring.io/spring-boot/docs/current/reference/html/
9. Z. Li et al., “VulDeePecker: A Deep Learning-Based System for Vulnerability Detection,” in NDSS, 2018.
10. Y. Zhou et al., “Devign: Effective Vulnerability Identification by Learn-ing Comprehensive Program Semantics,” in ASE, 2019.
11. F. Feng et al., “CodeBERT: A Pre-Trained Model for Programming and Natural Languages,” in EMNLP, 2020.
12. OWASP, “Automated Web Application Security Testing Using ZAP,” 2024.
13. S. Neuhaus et al., “Predicting Vulnerable Software Components,” in ACM CCS, 2007.
14. R. Seacord, “Secure Coding in C and C++,” Addison-Wesley, 2013.
15. OpenAI, “Safety Best Practices,” 2025. [Online]. Available: https:// platform.openai.com/docs/guides/safety-best-practices
16. OpenAI, “Data Usage Policies,” 2025. [Online]. Available: https:// platform.openai.com/docs/guides/your-data
17. D. Stuttard and M. Pinto, “The Web Application Hacker’s Handbook,” Wiley, 2011.
18. Mozilla, “CORS Documentation,” 2025. [Online]. Available: https:// developer.mozilla.org/en-US/docs/Web/HTTP/CORS
19. Oracle, “Java Security Overview,” 2025. [Online]. Available: https: //docs.oracle.com/javase/
20. Docker, “Docker Security,” 2025. [Online]. Available: https://docs. docker.com/engine/security/
21. Google, “API Security Best Practices,” 2024.
22. NIST, “Security and Privacy Controls for Information Systems,” 2020.
23. M. Sutton et al., “Fuzzing: Brute Force Vulnerability Discovery,” 2007.
24. Oracle, “SecureRandom Class Documentation,” 2025.
25. OWASP, “XML External Entity Prevention Cheat Sheet,” 2023
Related Articles
2026
Artificial Intelligence in Learning and Teaching
2026
Admin Assist: An AI – Driven Configuration and Orchestration for Enterprise Application
2026
Enhancing Blood Group Identification using pigeon inspired optimization: An Innovative Approach
2026
Eco-Genius: Power Up Smart, Power Down Waste
2026
Crowd-Sourced Disaster Response and Rescue Assistant
2026