
Web based Exploitation

Today almost all organizations run dynamic, interactive web applications rather than the static web pages of the past. These applications are built so that clients can access them to get the information they are meant to see. But hackers can take advantage of that same accessibility to obtain vital and confidential data they were never meant to see. Hence it is important to strengthen the web application’s security, for example by validating input and output data and by not storing data that is not needed on the website or in the database.


The Open Web Application Security Project (OWASP) maintains the Top Ten project, a list of the 10 most dangerous current web application security flaws, along with effective methods of dealing with them. The flaws are:


• Injection


• Broken Authentication and Session Management


• Cross-Site Scripting (XSS)


• Insecure Direct Object References


• Security Misconfiguration


• Sensitive Data Exposure


• Missing Function Level Access Control


• Cross-Site Request Forgery (CSRF)


• Using Known Vulnerable Components


• Unvalidated Redirects and Forwards

