In accordance with a particular embodiment of the present invention, a method is offered that includes generating a symbolic string manipulation class library for one or more web applications. The manipulations are generalized into a string manipulation symbolic algebra. The method also includes performing symbolic execution for one or more web applications. Typically, a Java model checker is augmented to check for certain types of requirements or properties in performing the symbolic execution. If an error scenario exists, a solution to a set of symbolic constraints is obtained, and the solution is mapped back to a source code to obtain an error trace and a test case. In still other specific embodiments, requirements or properties are encoded through templates and checked using public domain decision procedures. The properties or requirements can relate to security validation. The symbolic execution can be customized and tuned for Java-based web applications.