Concerning the problem of application-level security in portal, this paper researched on security protection architecture of application-level. It built a security protection architecture of application-level which included vulnerability scanning and testing of Web application-level before the event, active protecting from Web application-level attacking during the event, detecting and recovering the modified page after the event. Application result showed that the security protection architecture achieved application-level security in portal, and enhanced portal security effectively.