Detecting Information-flow vulnerabilities, such as SQL injection and cross-site scripting (XSS), is challenging for industrial web applications due to their size and complexity. Taint analysis, a form of information-flow analysis, is widely used to detect the security vulnerabilities of web applications by tracking the flow of untrusted user inputs. Currently, there are various analysis frameworks, such as SAFE, WALA and Phosphor, that support static or dynamic taint analysis. However, all the frameworks are not equally precise and scalable, they may also differ on the type of programming language and the analysis type (e.g., dynamic and static) they support. Hence, to properly evaluate the security of JavaScript-based industrial web applications (e.g., a hybrid app from our project partner company) by choosing the better static analyzer, we evaluated the precision and scalability of SAFE and WALA. The result of the evaluation indicates that SAFE provides more precise pointer analysis. Finally, by extending SAFE’s taint analysis and evaluating the security of the hybrid app, we noticed potential security alerts although we could not exploit the security vulnerabilities. But since dynamic analysis provides more precise analysis when the runtime overhead is tolerable, we also provide TaintExploit, a security JUnit test extension of Phosphor, to dynamic evaluate the security of Java-based web applications. TaintExploit detects the flow of untrusted user input at some sensitive operations (e.g., database access) and implements an automatic attack string generator to test whether the detected flow can actually lead to an attack. The evaluation of our approach on more than 200 JUnit test from 6 vulnerable web application benchmarks shows how TaintExploit can correctly detect security attack alerts. Our next plan is to perform security evaluation on more practical application to measure how our automatic attack detector tools are free from false alerts.