Vulnerability assessment of websites is one of the means by which security can be improved on websites. The web is now an important means of transacting business and without security, websites cannot thrive in today's complex computer ecosystem as there are new threats emerging as old ones are being tackled. Nowadays information has become anasset to many institutions and as a result these institutions have become targets for people with malicious intents to attack these institutions. Making the investment in a methodical assessment process will ensure the next steps in developing a safety and security plan are most effective and no more costly than necessary. This paper presents a layered architecture for identification and assessment of security vulnerabilities.The developed architecture evaluates the organization's current policies and common practices and helps in identification and assessment of vulnerabilities by enlisting the aid of trained security professionals. Organizations need to have a clear plan in place to help better mitigate the vulnerabilities lies in the network or information system. Knowing what vulnerabilities exist and could therefore be exploited allows organizations and businesses to pool that information with their knowledge of potential risks and threats to their operations and build their plans accordingly. The development of comprehensive safety and security plans commonly overlooked the critical foundation step of vulnerabilities assessment. With the increasing growth of Internet it is extremely difficult to prevent unauthorized users from compromising the confidentiality, the integrity or the availability (CIA) of sensitive information.