The types of web attack continue to appear and add their impacts on web application security, SQL injection, and XSS is one type of these attack, that causes extremely high risk for web application through stolen critical information or broken web authentication.
The aim of this paper is to design and implement software as a service for securing web applications from attack which cover two directions, the first direction: propose modern black-box web application vulnerability scanners that diminish the false positive and false negative drawback of the current black-box web application vulnerability scanner, The second proposed subsystem cloud platform as a service web application firewall hosting web application which scan all http requests to deny or accept it according to dummy execution result.
The numbers of vulnerable web applications are selected to evaluate the capability of the proposed system in detect attack and protect vulnerably web application also efficiency has evaluated through measure the server performance when WAF (Web Application Firewall) was disabled and enabled on vulnerably web application and comparison made between these two cases.According to analyzing of the experimental result shows that the proposed system can effectively and efficiently protect web application and discover SQL injection, and XSS vulnerabilities.