Neves,Nuno Fuentecilla Maia FerreiraMedeiros,Ibéria Vitória de SousaGonçalves,David Miguel Dias2026-04-152026-04-152026http://hdl.handle.net/10400.5/118037Tese de mestrado, Segurança Informática, 2026, Universidade de Lisboa, Faculdade de CiênciasTechnological advancements and increasingly faster information processing challenges the Effective functioning and security of software programs and web applications. Int his context, web applications are the primary targets chosen by attackers, aiming to exploit potential vulnerabilities they may contain. It has become a key and essential objective to prevent, detect, and mitigate these vulnerabilities quickly and effectively. Static code analysis tools (Static Analysis Tools, SASTs) have been widely used for vulnerability detection through the inspection of application source code. These tools perform a fast execution analysis with low maintenance costs, as maintaining and modifying the code is easier. However, they generate a high number of false positives and negatives, making it necessary to implement additional methods alongside their analysis. Although SASTs are used by highly knowledgeable professionals, they are not perfect and are prone to errors, as previously mentioned. Recent studies have shown that the use of Machine Learning (ML) techniques can assist and enhance the development of these tools, improving their effectiveness [8]. In this regard, to apply these techniques, it is necessary to build a precise and reliable dataset to train ML models. This work is based on the BugSpotting1.0 website, which allows for the classification of slices (pieces of PHP code) both by SASTs and through crowdsourcing. In this dissertation, we propose a new approach to building datasets, as well as improving the classify cation algorithms of slices, which will enable the creation of reliable datasets and the use of ML models for discovering vulnerabilities in web applications written in PHP. These new implementations result in a new version of BugSpotting, version 2.0.application/pdfporVulnerabilitieson web applicationsinPHPStaticAnalysisTools(SAST)Instance classificationforuseinMLConstructionof datasets usedfromCrowdsourcingmaster thesis