Web Application Security is a serious issue like network security and it cannot be neglected. In the last few decades the world have seen an unprecedented period of technological growth and information access. Unfortunately, along with the technological growth the threats have also increased and the awareness and readiness to deal with them have not kept pace. According to the latest revision of OWASP on July 15, 2016, the top most three web attacks are Injection, Broken authentication and session management, XSS Attacks i.e., Cross-site scripting attacks. Cross-site scripting attacks are a leading online threat. The aim of this attack is to exploit vulnerabilities in the websites which the victim visits. By compromising legitimate websites with malicious content that can capture keystrokes and record user's login information and password. If the login information and password are captured, then the personal data could be compromised. Cross-Site Scripting is the most common attack that allows the attacker to insert a malevolent code in a web page which is then used to affect the visitors of the browser and then the inserted code steals the sensitive information automatically and embezzles the delicate information. In order to prevent the XSS attack, many solutions have been suggested and most of them used are the filters that cleans the malicious input. But many of these filters do not provide prevention to the emerging attacks. Inspired by this attack, the paper proposes and implements an approach based on Extenuating Web Vulnerability with a detection and protection mechanism for a secure web access. This defending mechanism is an effective solution for extenuating web vulnerability for a secure web access. © 2017 IEEE.