  • Thesis

A Static Analysis Tool for ASP.NET Web Applications (一個ASP.NET網頁應用程式的靜態分析工具)

Advisor: 蔡益坤

Abstract

In recent years, server-side programming technology has matured, making Web applications commonplace; indeed, they have become the standard way of providing online services. Server-side programs let programmers generate Web pages dynamically according to the client's input and needs. This convenience, however, also makes it difficult to check whether these dynamically generated pages contain malicious content or exploitable vulnerabilities. To detect vulnerabilities in Web applications, many static analysis methods have been proposed, for example input filtering, syntactic structure enforcement, and program output checking. These methods, however, follow no common implementation standard, so there is no single platform on which they can all be used; moreover, they usually target applications written in one particular language, or only one particular class of vulnerability, which means that many different tools are needed to verify applications written in different languages. We have developed a tool to verify applications written in C#; it adopts an intermediate representation called the C Intermediate Language. During analysis, we first translate the syntax of the C# source code into the chosen intermediate representation, and then apply a simple taint analysis to check whether it contains security vulnerabilities. The main advantage of this IR-based architecture is that, if parsers for other languages translate them into the same intermediate representation, our tool can analyse those languages as well; similarly, any analysis method implemented over the same intermediate representation is applicable to applications written in all of those languages.

Abstract (English)

Web applications are ubiquitous and have become the de facto standard for providing online services because of server-side programming technologies. These technologies give programmers the flexibility to generate Web pages dynamically based on users' inputs and requirements. However, this flexibility also makes it harder to detect dynamically generated pages that contain malicious content or have vulnerabilities that allow attackers to compromise the application. To detect security vulnerabilities in Web applications, a number of static approaches have been developed, for example input filtering techniques, syntactic structure enforcement, and static output checking. However, the disadvantage of most approaches is that they are implemented in independent formats and target security vulnerabilities in Web applications written in a single object language. Thus, to check whether several server-side programs written in different languages contain vulnerabilities, one would have to implement a different solution for each language. To improve this detection process, we have developed a novel tool. Initially, we focus on C# as our target language and adopt an architecture based on an intermediate representation. In this thesis, we propose a parsing procedure that parses C# source code into a chosen intermediate representation, namely the C Intermediate Language, and then applies a simple taint analysis to it. Based on the adopted architecture, we will be able to extend our tool in the future by adding parsers that translate other target languages into the same intermediate representation. Similarly, we will be able to integrate other analysis algorithms into our tool by implementing them over the abstract syntax of the chosen intermediate representation.
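The abstract describes the pipeline (parse source into an intermediate representation, then run a taint analysis over that IR) without showing what such an analysis looks like. The following is an added illustration, not the thesis's tool or code: a toy forward taint analysis in Python over a constructed three-address IR with a small control-flow graph. The IR is a simplification invented for this example, not the C Intermediate Language, and the source, sink and sanitizer tables are assumptions that borrow ASP.NET API names purely as labels. Beyond the abstract, it also tracks which sink context a sanitizer covers, so that a value encoded for HTML is still reported as unsafe when it reaches a SQL sink.

```python
"""Toy taint analysis over a constructed three-address IR (added example).

Statement forms (this IR is an assumption made for the example, not CIL):
    ("const", dst, value)        dst := literal          (always clean)
    ("copy",  dst, src)          dst := src
    ("binop", dst, op, a, b)     dst := a op b           (e.g. string concat)
    ("call",  dst, fn, [args])   dst := fn(args)         (dst may be None)
A CFG is a dict: block name -> (list of statements, list of successor names).
The taint state maps a variable to the set of sink kinds it is still
dangerous for; the empty set means clean.  Joins take the union.
"""
from typing import Dict, FrozenSet, List, Tuple

KINDS = frozenset({"html", "sql"})
# Assumed tables; the API names are ASP.NET ones used only as labels here.
SOURCES = {"Request.QueryString", "Request.Form"}
SANITIZERS = {"HttpUtility.HtmlEncode": frozenset({"html"})}   # neutralises html only
SINKS = {"Response.Write": "html", "SqlCommand.ExecuteReader": "sql"}

State = Dict[str, FrozenSet[str]]
Block = Tuple[List[tuple], List[str]]
Finding = Tuple[str, int, str, str]   # (block, statement index, sink, kind)


def taint_of(names, state: State) -> FrozenSet[str]:
    """Union of the taint carried by the given variable names."""
    t: FrozenSet[str] = frozenset()
    for v in names:
        t |= state.get(v, frozenset())
    return t


def transfer(stmt: tuple, state: State, block: str, idx: int,
             findings: List[Finding]) -> State:
    """Apply one statement to a copy of the state; record sink violations."""
    state = dict(state)
    kind = stmt[0]
    if kind == "const":
        state[stmt[1]] = frozenset()
    elif kind == "copy":
        state[stmt[1]] = state.get(stmt[2], frozenset())
    elif kind == "binop":                       # result inherits both operands' taint
        state[stmt[1]] = taint_of((stmt[3], stmt[4]), state)
    elif kind == "call":
        _, dst, fn, args = stmt
        arg_taint = taint_of(args, state)
        if fn in SOURCES:
            result = KINDS                      # untrusted for every sink kind
        elif fn in SANITIZERS:
            result = arg_taint - SANITIZERS[fn]  # only the covered kinds are removed
        else:
            result = arg_taint                  # conservative pass-through
        if fn in SINKS and SINKS[fn] in arg_taint:
            findings.append((block, idx, fn, SINKS[fn]))
        if dst is not None:
            state[dst] = result
    return state


def merge(a: State, b: State) -> State:
    out = dict(a)
    for v, t in b.items():
        out[v] = out.get(v, frozenset()) | t
    return out


def analyse(cfg: Dict[str, Block], entry: str = "entry") -> List[Finding]:
    """Worklist fixed point; states only grow, so this terminates."""
    in_state: Dict[str, State] = {entry: {}}
    findings = set()
    worklist = [entry]
    while worklist:
        name = worklist.pop(0)
        stmts, succs = cfg[name]
        state = in_state.get(name, {})
        local: List[Finding] = []
        for i, s in enumerate(stmts):
            state = transfer(s, state, name, i, local)
        findings.update(local)
        for succ in succs:
            merged = merge(in_state.get(succ, {}), state)
            if merged != in_state.get(succ):
                in_state[succ] = merged
                worklist.append(succ)
    return sorted(findings)


# Constructed sample program: one branch builds a query from encoded input.
EXAMPLE_CFG: Dict[str, Block] = {
    "entry": ([
        ("call", "name", "Request.QueryString", []),        # untrusted input
        ("call", "safe", "HttpUtility.HtmlEncode", ["name"]),
        ("const", "prefix", "SELECT * FROM users WHERE name='"),
        ("const", "suffix", "'"),
    ], ["then", "else"]),
    "then": ([
        ("binop", "q", "+", "prefix", "safe"),
        ("binop", "q", "+", "q", "suffix"),
    ], ["join"]),
    "else": ([("const", "q", "SELECT * FROM users")], ["join"]),
    "join": ([
        ("call", None, "Response.Write", ["safe"]),            # clean for html
        ("call", None, "SqlCommand.ExecuteReader", ["q"]),     # html-encoded, not sql-safe
        ("call", None, "Response.Write", ["name"]),            # raw input reaches html sink
    ], []),
}


def run_example() -> List[Finding]:
    return analyse(EXAMPLE_CFG)


if __name__ == "__main__":
    for block, idx, sink, kind in run_example():
        print(f"{block}[{idx}]: tainted ({kind}) value reaches {sink}")
```

Two findings are reported for the sample: the `SqlCommand.ExecuteReader` call, because the value was only HTML-encoded and the `then` path's taint survives the join, and the `Response.Write` of the raw `name`; the `Response.Write` of `safe` is clean. Replacing the front end with a parser for another language that emits the same statement tuples would leave `analyse` untouched, which is the architectural point the abstract makes.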

