Abstract: To overcome the difficulties of prevention Web applications to be maliciously injected which are increased by all kinds of dynamic Web technologies applied, centered on SQL and XSS injection, the research progresses of Web application injection vulnerabilities detection in recent years were reviewed. Firstly, the classification and causes of the Web application injection security vulnerabilities were summarized; Then, the complexity of security vulnerabilities detection was analyzed; Thirdly, the key technologies of the existing detection approached, including analyzing and identifying the injection points, injection delectations by software analysis and testing, by symbolic execution, by taint analysis and models were elaborated; Finally, its future development direction was presented.