Journal of Informatics Electrical and Electronics Engineering, 2020, Vol. 01, Iss. 02, S. No. 003, pp. 1-11 ISSN (Online): 2582-7006
Journal of Informatics Electrical and Electronics Engineering (JIEEE), A2Z Journals, Devarya Education and Publications

Web Application and Penetration Testing

Saurabh Yadav 1, Pawan Singh 2
1, 2 Department of Computer Science and Engineering, Amity University Uttar Pradesh, Lucknow Campus, India
1 saurabhyadav970@gmail.com, 2 pawansingh51279@gmail.com

How to cite this paper: S. Yadav, P. Singh (2020) Web Application and Penetration Testing. Journal of Informatics Electrical and Electronics Engineering, 1(2), 3, 1-11. http://dx.doi.org/********************

Received: 27/11/2020
Accepted: 14/12/2020
Published: 20/12/2020

Copyright © 2020 by author(s) and A2Z Journals, Devarya Education and Publications. This work is licensed under the Creative Commons Attribution International License (CC BY 4.0). http://creativecommons.org/licenses/by/4.0/

Abstract

At present, internet usage is enormous and is escalating day by day. Internet facilities are employed in almost every field of work and people are becoming dependent on them. With this increasing dependency on the internet, concern regarding information security has increased, because most work, such as e-commerce, chatting and bill payment, is carried out over the internet. That is why security is most important for any website. Such security concerns are especially high in organizations, institutions, and the financial sector. This paper aims to address the topmost vulnerability concerns and how to overcome them. It covers most of the popular vulnerabilities, which are amongst the top 10 according to OWASP, and the precautions to be taken to deal with them. This paper provides a better understanding in a simple and easy way.
When the entire world is adopting new technologies and everything is moving towards the internet, the need for security increases. One has to be sure about the security of one's website as well as the security and privacy of the end users. So, as the world demands new technologies, there will be an increase in demand for security testing. An application or website is considered good only when it is secure, and that can only be ensured by a web tester. This paper explores the vulnerabilities in a precise manner.

Keywords

Web application, Penetration testing, OWASP

1. Introduction

Web security is not something you can ignore. Everyone builds applications and websites, while consumers want to enjoy the features but care about their privacy and do not want their private or sensitive information to fall into the wrong hands. Sensitive information may include their email, passwords or bank-related information, whose exposure can turn their world upside down. Sensitive information can be easily compromised if not properly managed.