Abstract: Accurately and efficiently identifying security vulnerabilities in web applications holds significant research value, especially as web systems grow in complexity and scale. Most existing studies in the field of web vulnerability detection have focused on PHP-based applications, rendering them less effective or even inapplicable when transferred to the domain of Java Web applications. Furthermore, traditional vulnerability detection methods often struggle to meet the demands of large-scale and high-efficiency scenarios. Specifically, these methods face difficulties in achieving the precision of dynamic analysis while maintaining the performance benefits of static analysis.To address these challenges, this paper proposes a novel web vulnerability detection approach based on joint frontend-backend analysis. By parsing the frontend code to extract taint source information, the method guides backend analysis for pruning irrelevant paths, thereby enhancing both the vulnerability coverage and detection efficiency. Additionally, the approach integrates both static and dynamic features of the program to construct a comprehensive code model. It combines techniques such as data flow analysis, taint analysis, symbolic execution, and lightweight dynamic solving to detect and verify potential vulnerabilities. This integrated strategy leads to a significant performance boost with minimal computational overhead.The proposed method was evaluated on 105 Java Web vulnerabilities sourced from CVE (common vulnerabilities and exposure) entries, open-source CMS (content management system) platforms, and community-developed applications. The experimental results demonstrate that each component of the system performs effectively, and the overall framework exhibits strong capability in discovering real-world Java Web vulnerabilities.