World Wide Web Security Vulnerabilities

Everyday technology users are increasingly engaging with web and mobile applications. These programs serve many purposes and can be very useful. However, they also represent the most accessible entry point for malicious attackers who want to wreak havoc. The continued growth and use of web applications leaves the underlying infrastructure susceptible to attack because security is not implemented comprehensively.

The Open Web Application Security Project (OWASP) is a community-based, non-profit organization focused on increasing security in the realm of web applications. It was started in 2001, and since then its main goal has been to create a high level of transparency in web applications and software so that society can make informed decisions. The organization is open-minded and collaborative in sharing knowledge, aiming to include and empower the masses.

Every year OWASP publishes a list of the most common web application vulnerabilities. The top three have remained relatively dominant in recent years, regardless of their position. In 2013 they were: injection, broken authentication and session management, and cross-site scripting. The purpose of this paper is to delve into three of the top web application vulnerabilities of recent years and evaluate their impact.

Cross-Site Scripting (XSS) was the number one vulnerability in 2007 and remains prevalent today. XSS occurs when an application accepts untrusted data and sends it to a web browser without proper validation or escaping. This allows the attacker to execute scripts in the victim's browser, which can cause various types of damage. Successfully using cross-site sc......

...... middle of paper ......
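The XSS definition above (untrusted data sent to the browser without validation or escaping) is illustrated by the following added example, which is not part of the original paper. It contrasts a renderer that concatenates untrusted fields into markup with one that escapes them for their output context; the function names and the sample comment are hypothetical and constructed for illustration.

```javascript
// Added example: escapeHtml, safeUrl, renderVulnerable and renderSafe are hypothetical names.

// Encode the five characters that can change HTML structure
// (sufficient for element text and quoted attribute values).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Escaping alone does not make a URL safe: validate the scheme with a real
// URL parser and allow only http(s). Everything else becomes "#".
function safeUrl(value) {
  try {
    const url = new URL(String(value));
    return (url.protocol === 'http:' || url.protocol === 'https:') ? url.href : '#';
  } catch (err) {
    return '#'; // not an absolute URL, rejected in this sketch
  }
}

// Vulnerable: untrusted fields are concatenated straight into the markup.
function renderVulnerable(c) {
  return `<p title="${c.author}">${c.text}</p><a href="${c.link}">source</a>`;
}

// Hardened: each field is validated and escaped for the context it lands in.
function renderSafe(c) {
  return `<p title="${escapeHtml(c.author)}">${escapeHtml(c.text)}</p>` +
    `<a href="${escapeHtml(safeUrl(c.link))}">source</a>`;
}

// Constructed sample input covering three output contexts:
// element text, a quoted attribute, and a URL attribute.
const sample = {
  text: '<script>alert(1)</script>',
  author: 'Mallory" onmouseover="alert(2)',
  link: 'javascript:alert(3)',
};

console.log('vulnerable:', renderVulnerable(sample));
console.log('hardened:  ', renderSafe(sample));
```

In the hardened output the script tag and the injected attribute arrive as inert text, and the non-HTTP link is replaced rather than encoded.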