views:

159

answers:

2

What would be the basic and obvious security considerations and recommendations in a Java EE Web application?

+2  A: 
  • Use HTTPS
  • Use Jasypt to simplify some stuff.
  • Limit external access point.
  • Make sure you don't have a single point of failure.
  • Make sure communication channels are properly secured when needed.
  • Secure access to components by white list (give access instead of removing access).
  • Make sure the state is kept on the server side.
  • Test test test test test...
  • Keep updated on security flaws.
  • The rest is all about good design.
Loki
+1  A: 

Don't trust anything that's not under your control. The primary, most important aspect of this is: Don't trust that the input to your POST/GET handlers will come from the forms you design.

Validate all client input, especially before you use it to interact with SQL, HQL, other external data sources or the command line.