This paper discusses the domain of Information Technology with a focus on the security of information in web applications. The main purpose of the paper is to pinpoint and explain the main attacks on web applications. In the study, I have used a real-world web application to demonstrate different types of attacks and the ways of preventing them. Cyber criminals use certain tactics to gather sensitive information through web applications, so it is important to study this domain of IT. An experiment has been conducted to demonstrate the concept, and the achieved outcomes have been explained. It has been concluded that most web application vulnerabilities come from bad design, according to the Microsoft Developer Network (MSDN) Design Guidelines for Secure Web Applications, and that most of the threats can be prevented by considering the basics of web application security while designing the application.