Nowadays, almost all web applications are database driven. The number of establishments moving their data online is on the increase daily, thereby allowing users' interaction and manipulation of data globally. More Web Database security threats arise each passing day, as more web applications are being developed. Although, web application developers are getting more advanced in their skills, there are still loopholes, because the developers spend less effort in enforcing security in developed applications, primarily due to lack of security incentives, short deadline and deficiency in web application security testing training. This paper presents a review on twenty database security threats applicable to web applications. The possible control measures to eliminate such attacks were looked into in order to create awareness to web application developers and the general public. The work opines that developers should endeavor to implement all the necessary security measures while developing applications. Also, engaging in security testing training is a must for all developers. The work concludes that despite, maintaining adequate security, administrators should devise means of keeping constant backup of their online database applications.