Chapter 9. Securing the Web Tier–Design Strategies and Best Practices
For J2EE applications, the Web tier represents the front door—the entry point for all users. It is also the most frequently used initial point of attack for an adversary looking for security weaknesses in an application. This chapter will review the vulnerabilities associated with the Web tier and the patterns used to protect against them.
Web-Tier Security Patterns
You need to verify that each request is from an authenticated entity, and since different classes handle different requests, authentication code is replicated in many places and the authentication mechanism can’t ...