Medeiros, Ibéria Vitória de SousaCogo, Vinicius VielmoPrates, David António Cota2025-07-162025-07-1620252025http://hdl.handle.net/10400.5/102176Tese de Mestrado, Segurança Informática, 2025, Universidade de Lisboa, Faculdade de CiênciasWeb applications are frequently targeted due to vulnerabilities in their source code, particularly weaknesses such as Cross-Site Scripting (XSS) and SQL injection (SQLi). When exploited, these vulnerabilities can compromise the confidentiality, integrity, and availability of data, potentially putting users at risk. Given the constant discovery of new security flaws, continuous monitoring is essential. However, remediation teams face significant challenges, as detecting and fixing vulnerabilities is a time-consuming process that can take months, leaving systems exposed to malicious exploitation. Although automated tools exist to detect vulnerabilities, they often provide limited guidance on remediation, offering only vague or insufficient recommendations. As a result, the teams spend additional time identifying appropriate fixes, further delaying the remediation process. To address this issue, this research proposes the development of a tool designed to minimize human intervention in the remediation of vulnerabilities. Specifically, the tool aims to automatically identify and correct security flaws in PHP code. Unlike existing solutions, this project will use Locality Sensitive Hashing (LSH) to detect vulnerabilities based on similarity patterns. This approach enables the identification of both known and structurally similar vulnerabilities, mitigating the risks associated with code modifications, a common tactic used by attackers to evade traditional signature-based detection. Furthermore, the tool is designed to maintain a low false positive rate and to be easily adaptable to the needs of remediation teams. Its modular design allows for future enhancements, ensuring scalability and continuous improvement in vulnerability detection and mitigation. The evaluation performed, which included the comparison to other existing tools, has returned good and promising results.engCorreção automática de códigoTécnicas de similaridadeVulnerabilidades WebCorreção de códigoDeteção de códigoTeses de mestrado - 2025master thesis