A practical approach for web application security
Protecting web applications is quite challenging. Both web applications and the web server platforms that run them are a major source of security vulnerabilities. Policy-based confinement and conventional access control policies, firewalls, and intrusion detection and prevention systems are effective in detecting a majority of attacks. However, they are unable to detect attacks that “hijack” access to web applications. This paper presents a practical approach to achieving security goals, eliminating common security exploits, identifying various threats, and securing the important and ubiquitous web applications.