With the growth of the internet, web applications have become very popular and are used in every environment, such as medical, financial and military. But in the race to develop these online services, web applications have been developed and deployed with minimal attention given to security risks, which leads to vulnerabilities in web applications. Developers are mandated to deliver functionality on time and on budget, but not to develop secure web applications, resulting in the development of vulnerable web applications. Removing vulnerabilities after development is costly and time-consuming. So why not implement security throughout the software development lifecycle? Doing so will save time and cost. Thousands of vulnerabilities exist in existing web applications, but this study focuses on input validation vulnerabilities, i.e., SQL injection and Cross Site Scripting (XSS), as they are more prevalent and carry high risk. This study gives a brief introduction to web application vulnerabilities, discusses how cross site scripting and SQL injection vulnerabilities are addressed throughout the software development lifecycle, and suggests different activities to be performed to mitigate them.