As commerce moves rapidly online and business is increasingly conducted over the Web, security is a major concern for all kinds of applications, whether B2B, B2C, or C2C, because the nature of HTTP poses certain security pitfalls. Technologies, languages and APIs make for interesting discussions, but application security remains one of the most talked-about topics. In the rush to get online, many small-to-medium-sized businesses (SMBs) have hurriedly built websites that enable their customers to order products and services. Most of these SMBs are not aware that they have exposed their most sensitive data to potential online theft. In some businesses, application security is sometimes pushed down the IT manager's priority list. A security breach, or a system breakdown caused by security issues, can directly and indirectly lead to loss of new business opportunities, loss of existing business, loss of credibility, and loss of competitive edge over competitors, all of which ultimately result in monetary losses.

A comprehensive application security program will help application developers understand their online exposures and will provide specific steps they can take to reduce the risk of a breach to acceptable levels. This will include a comprehensive understanding of the various attacks and threats, and of how to enforce effective security mechanisms and apply coding skills to prevent them.