Abstract
Along with the tremendous increase in the use of web applications, the vulnerabilities associated with Web Based Applications Systems (WBAS) are also rising. The Internet, which is fundamental for accessing web-based systems, is an inherently insecure medium. Hence, websites are potential targets for various types of cybercrime activities, including data breaches, buffer overflow, ransomware, and fake technical support scams. Therefore, this study intends to identify the crucial security challenges and threats encountered by WBAS. Furthermore, a taxonomy classifying the identified challenges into two major categories, client-side and website attacks, has been formulated. Additionally, a framework has been proposed to prevent various security threats from both the client and website perspectives. An intensive literature search was conducted, deploying various devised search strings on the targeted databases to collect the appropriate literature. More than 40 research articles, case studies and observations of researchers published in well-renowned journals and conferences have been critically reviewed for the categorization of security threats into their respective dimensions. The significance of the proposed framework for theory and practice is also discussed.