Currently, the network security situation is becoming increasingly severe because various methods of network attacks continue to emerge. Cross-site scripting(XSS) attacks and structured query language(SQL) injection attacks have been listed as two of the most common Web security vulnerabilities. The payload styles of these attacks are diverse, and traditional rule-based detection and feature-based machine learning are difficult to detect them. In order to improve the detection effect of Web attacks and reduce the complexity of manually extracting features, an approach to detect Web attacks based on bi-directional Long Short Term Memory(LSTM).We use character embedding to extract the sequence of web attack effective features, map them to feature vectors, embed the vectors into a neural network. Subsequently, we utilize a bidirectional long short-term memory recurrent neural network to train and test the model. The results show that the accuracy in the real dataset is 99.35%, and the recall reaches 99.49%. Moreover, this method could detect XSS and SQL Injection Attacks at the same time, which proves that this deep learning-based method can be applied to Web attack-aware platforms on a large scale.