This study aims to show how security flaws of web applications can threat information security. Web Application Security is a branch of Information Security which focuses on web application level security flaws and their solutions. Evolution of Web continues with a big momentum. Amount of information shared over Web increases every day, various business domains continue to integrate their operations to digital world. This brings its own risks and makes Information Security of Web Applications more important than ever. Most common and serious Web vulnerabilities have been analyzed along with their solutions. This study focuses on how web developers can already prevent security problems during the development life cycle. What are the best practices to follow before/during the development and post-development phases? Which security tools can be used to support developers? Building totally secure web applications is not an easy job. Following security standards and development cycles with security concerns can already prevent most of the potential problems. A security checklist for web developers came out at the end of the study. Evolving web technologies and new security threats force us to keep this checklist up to date. We are working on a mechanism which will keep this checklist up to date.