In a sophisticated and coordinated cyber-attack, $100 million was stolen from Bangladesh's account. Attackers remotely introduced malicious code into the Bangladesh Bank's server, which allowed them to process and authorize the transactions. Advanced attack techniques pose threats to all web application systems. Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) are two vulnerabilities whose techniques are similar to those of the Bangladesh Bank heist. XSS and CSRF have ranked third and eighth among the top ten web application vulnerabilities on the OWASP list from 2013 until now. Both of these attacks violate the trust users place in websites and web browsers. Because of the severity of these vulnerabilities, security specialists have always shared their concern and warned web developers. Yet the reluctance of the Bangladesh government and of developers to address the severity of these attacks resulted in the Bangladesh Bank heist. In this paper, we aim to investigate the vulnerability of web applications in Bangladesh to attacks similar to those of the Bangladesh Bank heist. We focus on XSS and CSRF vulnerabilities because of their high ranking on the OWASP list. We analyze the data collected during the investigation and provide a summary of the current state and a guideline for future web developers.