© 2018 Vincent Appiah, Michael Asante, Isaac Kofi Nti and Owusu Nyarko-Boateng. This open access article is distributed under a Creative Commons Attribution (CC-BY) 3.0 license.

Journal of Computer Science 3 Investigations

Survey of Websites and Web Application Security Threats Using Vulnerability Assessment

Vincent Appiah, Michael Asante, Isaac Kofi Nti and Owusu Nyarko-Boateng

Department of Electrical/Electronic Engineering and Computer Science, Sunyani Technical University, Ghana

Article history
Received: 14-05-2017
Revised: 17-01-2018
Accepted: 24-01-2018

Corresponding Author: Isaac Kofi Nti, Department of Electrical/Electronic Engineering and Computer Science, Sunyani Technical University, Ghana
Email: ntious1@gmail.com

Abstract: Nowadays information has become an asset to many institutions, and as a result these institutions have become targets for people with malicious intent. The web is now an important means of transacting business, and without security websites cannot thrive in today’s complex computer ecosystem, as new threats emerge while old ones are being tackled. Vulnerability assessment of websites is one of the means by which security can be improved on websites. This research seeks to study and use vulnerability assessment as a tool to improve security by identifying vulnerabilities and proposing solutions to the security issues. Assessment was done on 5 web hosts belonging to different institutions in Ghana. Nmap, Nikto and Nessus were the tools used for the assessment. The assessment was carried out in four stages. The first stage was planning, which involved activities and configurations performed before the actual assessment. The second stage was information gathering, which involved obtaining information about the targets necessary to help identify vulnerabilities. This was followed by vulnerability scanning to identify vulnerabilities on the target hosts. The results indicated that all five hosts had security flaws which needed to be addressed. In all, 16 vulnerabilities were identified on host 1, 8 vulnerabilities on host 2, 15 vulnerabilities on host 3, 4 vulnerabilities on host 4 and 10 vulnerabilities on host 5. After the vulnerabilities were identified, a solution was proposed to mitigate the security flaws identified.

Keywords: Website-Security, Web-Application-Security, Network-Security, Protection-Tools, Firewall, Intrusion-Detection-System, Web-Security-Scanners, Web-Security-Vulnerability, Web-Vulnerabilities, Unauthorized-Access

Introduction

Website, web application and internet security is a noteworthy area of research that affects a very wide range of computer users. Computer security is the protection of computing systems and the data that they store or access. Currently, computer security is one of the most talked about issues in computing. This is due to its importance in almost every computer system (Hesham and Mohammad, 2012). A critical fact in web applications and Internet security is that a computer and its associated system cannot be 100% reliable and confident (Appiah et al., 2017). A website or web application vulnerability on the internet may compromise all the sensitive data and continuously give reports on damage and cost (Durai and Priyadharsini, 2014; Appiah and Nyarko-Boateng, 2017). Websites and web applications such as educational websites, government websites, healthcare applications and financial applications interact with their backend (database) several times upon a client request, and when there is a compromise in the security of such a website or web application, it results in loss of information, financial loss, lawsuits and identity theft (Chaudhari and Vaidya, 2014).
According to the Web Application Security Consortium, the security of websites used to collect users' data and of web applications is of the utmost importance. A report from the Web Application Security Consortium shows that 49% of web applications have high severity level vulnerabilities and 13% are exposed to security vulnerabilities automatically. This unsecure website and web scripting, SQL Injection,