Web security is attracting attention again due to ransomware incident that spread over the world. In recent years, many incidents have occurred on the Internet. More people than ever before use internet banking, enjoy online shopping and leisure time. "Internet" is defined as the international information network that connects the world, and the service that operates on the Internet is called "web". We use the term Internet in our daily life to mean “web”. Using web is rapidly increasing in our daily life, but there are also a number of security vulnerabilities. Since most website are open to everyone, web hacking has become the target of intensive attacks that account for most of the security incidents. It can create a fake website to steal public certificates or passwords to steal money and data, or to hack into websites and infiltrate into internal networks. Compared to explosive growth of web services, web security is far behind. Website security incidents are destructive enough to affect the entire society. The reason for periodic web hacking incidents is low security. The web is less secure than the general system because web programming is designed to be easy to access. Web is hard to be protected from firewall because it has to open 80 ports for HTTP services. Therefore, it becomes a hacker target at all times and frequent hacking accidents happen. Hackers infiltrate web server using web vulnerability to takes control of the system by uploading malware. Then the hacker modifies or stops the web service and seizes the personal information collected from the web service. Hackers also insert a malicious URL to infect malware to a system administrator PC as well as a user PC accessing through web. Hackers are able to steal sensitive data or destroy an internal system and cause enormous damage. The biggest damage from web hacking is data leakage. In addition to personal information, enterprises’ sales information is increasingly being leaked. Also, it infects malware on a personal PC that accesses a website and uses it as a DDoS attack, or it seizes a system administrator, infiltrates into an internal server, and steals confidential information. These attacks are classified as Advanced Persistent Threat (APT) attacks. To defend web hacking, security experts recommend deploying security solutions and services such as web application firewalls, web shells and malicious URL blocking and website protection. If s enterprises invest in web security, it can prevent security incidents. Enterprises should check their web security and plan it to prevent security accidents that cause damage in finance and reputation.