Hi,
Tomcat higher versions (I guess 7.x) has got built-in support for CSRF module you can download source code and have a look on that .There are some open-source libraries available ,one such exist from OWASP org known as OWASP CSRF Guard (I am not sure about its current limitations). A CSRF framework which works on Session/Request Token Synchronization
Patterns would be a optimal solution.
As a security standards your application must be secured enough atleast from the following type of vulnarabilities
XSS (Cross Site Scripting) / Injection attacks
CSRF (Cross-Site Request Forgery)
Session Fixation
SQL Injections
Chache Poinsioning
HTTP Response Splitting
Buffer Overflow
Failure to Restrict URL Access
Unvalidated Redirects and Forwards
Appart from the manual testing
you should use some tools for testing. Example WebInspect From HP or Rational App Scan from IBM. I have not yet used any opensource validation tools yet.
spend some time on
https://www.owasp.org and education videos on web-security at You-Tube
Good Luck
Manjesh