Reputation: 594
General hardening tips for a Apache Tomcat JSP application
I am currently developing a quite straightforward CRUD webapplication for a company. I am using the Apache Tomcat 6.0 and JSTL 1.2
The application is on the road to being finished and withstands constructive testing and basic mischief such as invalid input format in forms.
The security level doesn't have to be too high since it's only for internal use, but still I'd like to have the basics covered.
I am now trying to harden and or achieve failsafety/exceptionsafety and am looking for general hints and tipps where the usualy error sources lie.
What I already have thought of:
- SQL Injection ('fixed' using Prepared Statements)
- Fail gracefully on SQL-Exceptions
- Range checking on parameters such as pagenumbers
What are your recommendations to this?
Thanks in advance
Upvotes: 0
Views: 1687
Answers (1)
Reputation: 139931
The OWASP (Open Web Application Security Project) guide on Tomcat is pretty thorough. Many excellent resources on that site.
Upvotes: 4
Related Questions
- Web app security architecture
- How to secure my java web application?
- How to run Tomcat in a most secure way?
- Need help to understand and implement basic web app security
- Advice on implementing security aspect of Java EE web application
- Java Web Application Security Idea
- security functions
- Security for the login page (using Servlet/JSP)
- Tomcat servlet security
- Struts2 web application security