Christopher Schultz: Locking Down Apache Tomcat: Practical Security for Real-world Applications

Out of the box, Apache Tomcat is quite secure. Then you need to configure it to suit your environment, connect your data sources, and deploy your applications. Those processes can potentially reduce the security of the entire system. A thorough review of your host, network, application and configuration is necessary to identify those areas where your security needs improvement. We’ll discuss each of these areas in some detail and how some simple tweaks and tools can make you and your users safer.