Copyright: © the author(s), publisher and licensee Technoscience Academy. This is an open-access article distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited International Journal of Scientific Research in Computer Science, Engineering and Information Technology ISSN : 2456-3307 (www.ijsrcseit.com) doi : https://doi.org/10.32628/CSEIT217281 432 Risks and Threats to Web Applications and Their Preventions: A Theoretical Study on Vital Risks and Threats Yogesh Kumar * , Anumalla Sandeep Satyanarayana, Ankit Kumar, Vikas Sharma School of Computer Science and Engineering, Lovely Professional University, Jalandhar, (Punjab) India Article Info Volume 7, Issue 2 Page Number: 250-262 Publication Issue : March-April-2021 Article History Accepted : 18 April 2021 Published : 24 April 2021 ABSTRACT With the rapid evolution of technology, almost every business is now online connecting them to the widest and narrow corners of the world. Therefore, instead of physical security, their online security is a pivotal concern the business which all depends on the web applications security. Web application attacks and their risks have become normal since past many years, and the security of web applications has received increased attentions at present. Many attacks work on real time and mostly prevention mechanisms focus on prevention and detection of these attacks on the web applications. This research focuses on giving attention to the top 10 threats that organizations need to know and to ensure the web applications are protected from these risks and attacks. Keywords : Web Application, Web Application Security, Vulnerabilities, Risks, Threats, Cyber Security. I. INTRODUCTION A web application is the system by which user can interact with a service. A three-level web application can have multiple clients in the front-end of the web application, a webserver or API at middle level and a database server at back-end. The client sends the request to the web service then server responds with an appropriate reply or with data from database to the user. Web application security is the primary concern of any web-based business. And various vulnerabilities present inside the application can act as a security threat. Web application vulnerabilities are system flaws or weakness in a web-based application commonly arise if form inputs are not properly validated or sanitized, misconfigured web servers, and application design flaws, and they can be exploited to compromise the application’s security. Vulnerabilities arise because web applications need to interact with multiple users across multiple networks, and that level of accessibility is easily taken advantage of by hackers. To ensure the security of the web applications, the very first step is to thoroughly study and analyze various vulnerabilities and attack methods. Because only after understanding all the attack methods and