Web Application Pentesting Approach & Remediation
Authors: Purva Bhesaniya, Animesh Kumar Agrawal
Affiliation: National Forensic Sciences University, NFSU
Abstract:

In this technophile world, the expansion in web apps is enormous, as are breaches and unauthorized access to sensitive data on various platforms over the internet. Hackers concentrate on web-based applications like shopping carts. Web applications are hard to protect against security flaws known as web application vulnerabilities. Web application pen testing is fundamental to identifying existing vulnerabilities. Buffer overflows, XSS attacks, CSRF attacks, and SQL injections are all examples of these types of attacks. In other words, once new technologies are demanded by the globe, security testing could become a growing need. This paper aims to understand penetration testing techniques for web apps and to identify proper countermeasures by understanding the various vulnerabilities precisely. The OWASP Top 10 vulnerabilities are studied in detail; these vulnerabilities need to be addressed with precautions, using manual and automatic approaches.

Keywords: web application security, Pentesting, OWASP Top 10 vulnerability
Vol & Issue: VOL.1, ISSUE No.1, December 2022