Abstract: As web attacks and security threats are increasing; security teams are now working together with web application development team to mitigate the causes of attacks at its initial stage of development. The paper describes the most critical web based threats that had defaced huge number of websites and also talks about various methodologies that can be followed by developers to build a secure web application. The paper describes certain practices that aids in tackling of web application security through secure web application development.