Web application security issues have become increasingly prominent, to improve the security of software source code and control the security risk during software development process becomes an urgent problem.This paper analyzes common web applications security vulnerabilities, including defect forms, causes preventive measures. This paper also puts forward some measures and methods in the prevention of security vulnerabilities during the software development life cycle. This paper also gives a method which can reduce security risk from two aspects-software development process management and technical measures. These means effectively imporove the security of web application we delivered.