A system and method for detecting vulnerabilities in a deployed web application includes developing a profile of acceptable behavior for inbound communication and outbound communication of a web application. The method also includes receiving a current inbound communication and a current outbound communication from the web application. The current inbound communication includes an inbound user request and the current outbound communication is in response to the current inbound communication. The current inbound communication and the current outbound communication are validated with the profile of acceptable behavior to identify an anomaly. The identified anomaly includes an occurrence of an acceptable behavior for the current inbound communication in combination with an occurrence of an unacceptable behavior for the current outbound communication.