Web applications have become critical part of business. They hold a treasure trove of data behind their front ends. Now-adays attackers are well aware of the valuable information accessible through web applications, so website security has become a major problem today. The number of vulnerabilities have multiplied in recent years. Vulnerabilities like cross site scripting(XSS),sql injection and cross site request forgery(CSRF) has emerged as a major threat to web applications. So, in order to protect web applications from these modern threats, at first vulnerability assessment should be carried out from time to time and also some preventive techniques should be followed to prevent these threats. The motivation of this paper is to promote the use of automated tools for vulnerability assessment and to follow preventive techniques in order to make web applications secure
