Web applications play a very important role in many domains and have become the main part to offer user services all over the world, from security issue point of view web applications vulnerability is considered easy. The types of web attack continues to appear and add their impacts on web application security. Structured Query Language Injection (SQLI) and Cross Side Script (XSS) are one type of these attacks that cause extremely high risk for web application.