Cyber threats have increased drastically in the recent years and the most common targets are organisation applications or systems for data theft, disrupting the operations or any other malicious use. Incorporating website security prevents these sorts of attacks on the system. It is the act/practice of protecting websites from unauthorized access, use, modification, destruction, or disruption. A web application will be created and tested on various attacks such as Brute Force Dictionary attack, Denial-of-Service attacks, Cross Site Scripting (XSS) attack, NoSQL injections and WebSocket attacks. The vulnerabilities will be analysed, and resolved to ensure that the confidentiality, integrity, and authenticity of the user data is not compromised. To improve the website security and privacy, measures will be taken to add security features and the code of the website will be modified.