
ISSN 2063-5346

Detection of Cross Site Request Forgery Attacks on the Web Using Machine Learning Based Vulnerability Technique


Pinninti Siva teja¹, Mohammed Jabeen Maleka², Panjala Shreya³, PVS Srinivas⁴
DOI: 10.48047/ecb/2022.12.10.626

Abstract

In this paper, we propose a machine learning based technique for detecting security flaws on the web. Because of their unique nature and the widespread use of custom development methods, web applications are notoriously difficult to assess. Machine learning is very useful for web application security because it blends automated analytic tools with human understanding of web application semantics. After visiting a malicious website, a user's browser can be deceived into performing harmful actions on other, legitimate websites. Attacks of this kind are categorised as Cross Site Request Forgery (CSRF). Web development and security organisations ignore them for the most part, and as a result numerous websites on the internet are susceptible to these attacks, earning them the moniker of the "sleeping giant" of web-based vulnerabilities. Among four serious CSRF vulnerabilities that we discovered on four important sites, we detail the first recorded attack against a financial institution. These vulnerabilities allow an attacker to breach a user's account and steal their personal information, including their bank details and email. We have implemented changes to the server that completely eliminate CSRF attacks, and we recommend that other websites do the same. Using this method, we created Mitch, the first machine learning (ML) fix for CSRF vulnerabilities. Mitch helped uncover 35 more CSRFs across 20 critical websites and 3 other CSRFs in usable software.
