Pentest webapps written in JAVA ?

["razi garbie" <r.garbie () gmail com>]

Hi fellow pentesters,

Could anyone give me some guide lines when it comes to penetration
test webapps written in JAVA?
pointers, tips, documents/papers are much appriciated.

I have no experiance when it comes to pentesting java, and ive had a
hard time finding any decent documentation when it comes to webapps in
java.
Obviously XSS, would work on the HTML parts of the app, and SQL
injections on the DB parts, but anything java specific?

(the app is running ontop of Glassfish if that makes any difference,
however pentesting the container is not my department)

//Thanks in advance

-- 
R. Garbie

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------