Well, not sure what is your expectation on the answer for this question ...
For JDBC,
- security: SQL Injection (solution: PreparedStatement)
- performance/resource: connection/resultset/statement not close properly (solution: properly close in multiple finally{} of exception handling for each closing)
- design: repeating code (solution: Template Design
Pattern, or use Spring JDBC Template)
... etc.
For Servlet/JSP,
- design: abuse MVC (solution: use framework, e.g.
Struts ... but still able to abuse by sucks developer)
... etc.