Vikas,
There is no silver bullet (economical way) to security, meaning that you need to strike a balance between "Your known risks" and "Safeguards and countermeasures" to mitigate those risks.
From a Web-based application security perspective, at the least you must have "Transport level security" plus "Authentication, Authorization, Auditing and Logging" features. This is a good starting point. Beyond that you may drill deeper into your other known security risks and choose a patterns-driven security design at the J2EE component level.
I would recommend that you read the Free Sample Chapter posted on the book web site.
/Ramesh