I'm fairly new to web programming, and am wondering what are the more important security issues I ought to be aware of. I'm considering hosting rich web applications backed by JSP and servlets in a Debian/Tomcat environment. I might also add in a database to store user information. I know from the C side of things that you need to be paranoid in checking any request info you're given to guard against buffer overruns, but I would think that particular issue is precluded in Java.
Are there any good resources out there for securing your webserver?