Web application is widely used in many enterprises, while providing convenience, the web application brings lots of the security risk. Password is the first line of defense in the web application, the weak password problem has always been a short board in web application security protection system. The existing weak password detection method based on dynamic intercept is of high complexity and low degree of automation, which cannot meet the needs of information security supervision. In this paper, a weak password detection method based on the static analysis of webpage is proposed, which automatically extract the key information of login process by identify and analyze the form of the login page. Based on this method, a system prototype which can automatically detect the weak password for Web application and supports captcha recognize of common digital and letter combinations is realized. The system has a high degree of automation, and has good practicability and application prospect.