[OWASP-Security101] Tomcat security

Jim Manico jim.manico at owasp.org
Wed Feb 17 00:32:28 UTC 2016

The reason you use Tomcat is so you don't have to buy commercial 
products. :)

Invest in the skills to harden Tomcat well and keep in updated. Or 
consider a service contract with some company that has experience 
hardening and keeping Tomcat patched.

And of course, this does not help your developers. You can spend a 
zillion on Tomcat hardening services but one line of insecure code will 
fully compromise the server. So be sure your developers write secure code.


On 2/15/16 4:52 PM, Kevin_Payne at bcbsil.com wrote:
> To Whom It May Concern,
> Our company is talking about moving from IBM WebSphere Application Server
> Network Deployment to Tomcat EE.  I would like to know what security
> product(s) would you recommend to purchase which would accompany the
> native security from what Tomcat has to offer.
> Thanks
> Kevin Payne
> Systems Software Program Consultant
> HCSC-ITG - MTS - WebSphere
> Desk (312) 653-7997
> Cell (312) 617-6262
> Loc Chicago 19.123C
> Kevin_Payne at bcbsil.com
> HCSC Company Disclaimer
> The information contained in this communication is confidential, private,
> proprietary, or otherwise privileged and is intended only for the use of
> the addressee.  Unauthorized use, disclosure, distribution or copying is
> strictly prohibited and may be unlawful.  If you have received this
> communication in error, please notify the sender immediately at
> (312)653-6000 in Illinois; (800) 447-7828 in Montana;
> (800)835-8699 in New Mexico; (918)560-3500 in Oklahoma;
> or (972)766-6900 in Texas.
> _______________________________________________
> Security101 mailing list
> Security101 at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/security101
> List Run By OWASP
> List Admin: Michael.Coates at owasp.org

More information about the Security101 mailing list