Automated black-box scanners alternatively reverse-engineer and fuzz web applications to detect vulnerabilities. It is established that the knowledge they acquired about such applications plays a key role in their ability to exhibit vulnerabilities. In this talk, we adapt a method to automatically reverse-engineer web applications. Three heuristics drive this process. Empirical experiments show that our method obtains a more precise knowledge of the application than state-of-the-art tools, and also increases vulnerability detection capability.