This research looked into different web vulnerability scanners; their strengths, limitations and also how they work. A web vulnerability scanner was used to analyse a test web application and vulnerabilities present in the system. The research evaluate the analysis and provide a countermeasure from organisation's best practices and countermeasures available that best protect web applications and to tackle the vulnerabilities of web servers, web applications and back-end database.