Communications and Network, 2016, 8, 170-178 Published Online August 2016 in SciRes. http://www.scirp.org/journal/cn http://dx.doi.org/10.4236/cn.2016.83017 How to cite this paper: Rababah, O.M., Al Hwaitat, A.K., Al Manaseer, S., Fakhouri, H.N. and Halaseh, R. (2016) Web Threats Detection and Prevention Framework. Communications and Network, 8, 170-178. http://dx.doi.org/10.4236/cn.2016.83017 Web Threats Detection and Prevention Framework Osama M. Rababah 1 , Ahmad K. Al Hwaitat 2 , Saher Al Manaseer 2 , Hussam N. Fakhouri 2 , Rula Halaseh 1 1 Department of Business Information Technology, The University of Jordan, Amman, Jordan 2 Department of Computer Science, The University of Jordan, Amman, Jordan Received 29 February 2016; accepted 1 August 2016; published 4 August 2016 Copyright © 2016 by authors and Scientific Research Publishing Inc. This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/ Abstract The rapid advancement in technology and the increased number of web applications with very short turnaround time caused an increased need for protection from vulnerabilities that grew due to decision makers overlooking the need to be protected from attackers or software developers lacking the skills and experience in writing secure code. Structured Query Language (SQL) Injec- tion, cross-site scripting (XSS), Distributed Denial of service (DDos) and suspicious user behaviour are some of the common types of vulnerabilities in web applications by which the attacker can disclose the web application sensitive information such as credit card numbers and other confi- dential information. This paper proposes a framework for the detection and prevention of web threats (WTDPF) which is based on preventing the attacker from gaining access to confidential data by studying his behavior during the action of attack and taking preventive measures to re- duce the risks of the attack and as well reduce the consequences of such malicious action. The framework consists of phases which begin with the input checking phase, signature based action component phase, alert and response phases. Additionally, the framework has a logging functio- nality to store and keep track of any action taking place and as well preserving information about the attacker IP address, date and time of the attack, type of the attack, and the mechanism the at- tacker used. Moreover, we provide experimental results for different kinds of attacks, and we illu- strate the success of the proposed framework for dealing with and preventing malicious actions. Keywords SQL Injection, XSS, DDoS Attack, Suspicious User Behavior, Web Applications