The increased volume of transactions and communication over the World Wide Web in industries such as banking, insurance, healthcare, travel and many others has triggered a number of unprecedented security issues. Most web applications today are susceptible to attacks ranging from unauthorized access, movement, alteration or deletion of files to virus attacks and theft of data. Perimeter defenses such as firewalls, antivirus software and the like are insufficient. Because of this, industries are seeking more comprehensive security measures that can be incorporated into their web applications. A defense that will evidently reduce vulnerabilities in web applications is seen to lie in the development lifecycle of the application itself. Developers need to learn and examine the vulnerabilities that could occur in web applications so that precautionary measures can be adopted in the implementation stage. This thesis serves as an elementary guideline for all those involved in the application's development process and, more importantly, designs and formulates a set of secure coding policies and guidelines as proactive remediation strategies to strengthen the security of web applications. In addition, it applies an SDLC methodology to design a new production sample website and to test the academy website, which was recently hosted and published.