System and method for accurately determining security policy for an application based on dynamic code analysis of application runtime execution(s). A dynamic recorder, dynamic code analyzer and security policy analyzer can evaluate and determine the security decisions and access to secure resources made during a security event within one or more executions of an application in order to identify an existing security policy that best matches an application's security needs. Security events may be analyzed to determine which security decisions and access to secure resources are necessary and which can be eliminated or replaced with alternative decisions or resources.