As e-business matures, companies require enterprise-scalable functionality for their corporate Internet and intranet environments. To support the expansion of their computing boundaries, businesses have embraced Web application servers (WASs). These servers provide simplified development and deployment of Web-based applications. Web applications contain the presentation layer and encapsulate business logic connecting to back-end data stores and legacy applications. However, securing this malleable model presents a challenge. Savvy companies recognize that their security infrastructures need to address the e-business challenge. These companies are aware of the types of attacks that malevolent ...