Security is one of the major concerns in communication networks and other online Internet based services, which are becoming pervasive in all kinds of domains like business, government, and society. Network security involves activities that all organizations, enterprises, and institutions undertake to protect the value and usability of their assets and to maintain the integrity and continuity of operations that are performed at their end. Network security exists on all the different layers of an OSI model, Application-level web security comes at the application layer and it refers to vulnerabilities inherent in the code of a web-application itself irrespective of the technologies in which it is implemented. Security in web applications is becoming very important because of the real time transactions that are required over the internet these days. Various attacks are carried out on the web applications and behind every attack; there is vulnerability of some types or the other. Now-a-days application-level vulnerabilities have been exploited with serious consequences: E-commerce sites are tricked by attackers and they lead into shipping goods for no charge, usernames and passwords have been cracked, and confidential and important credentials of users have been leaked. SQL Injection attacks and Cross-Site Scripting attacks are the two most common attacks on web application. Proposed method is a new policy based Proxy Agent, which classifies the request as a scripted request, or query based request, and then, detects the respective type of attack, if any in the request. This method detects both SQL injection attack as well as the Cross-Site Scripting attacks.