The invention provides a Web application safety detection method with a white-box and a black-box combined. The method includes the following steps: step 1, white-box testing is carried out on a Web application system; step 2, black-box testing is carried out on the Web application system; step 3, file association is carried out through K; step 4, file search is carried out through S; and step 5, integrity combination testing is carried out. The Web application safety detection method with the white-box and the black-box combined solves the problems that false alarm rates of the white-box testing on the Web application system are high and bug source code positions of the black-box testing can not be located.