It wouldn’t be unreasonable to cite “web-application” as a synonym for the word ubiquitous or even omnipresent. In fact, they have permeated so seamlessly into our everyday lives that we would actually miss them if they are taken offline. Not just individuals, web applications are widely employed by organisations, irrespective of their size, to act as a medium of integration between their stakeholders (suppliers, partners, customers) for faster and considerably cheaper communication and transfer of information or data. Web applications also have utility in terms of being an efficient and cost effective means of advertisement and provision of service. It is this wide acceptability and adaptability of web applications that make them an enticing target for malicious users like hackers and attackers. The lure of quick and easy money, the thrill of gaining a peek into the private lives of other people or the urge to try out a newly learnt or acquired hack are few of the reasons users resort to hacking of web applications. The primary objective in authoring this paper is to describe Web Application Penetration Testing, its business need, benefits and methodology. This paper also highlights few of the vulnerabilities that plague a web application and the standard practices followed to identify their presence.