To ensure security of a web application is an important requirement now days. One needs to first do a vulnerability assessment.
- If there is file upload feature, Application can be vulnerable for uploading viruses.
- If there is form submission, Application can be vulnerable for html/js injection.
- If plain JDBC has been used, there can be threat for sql injection.
One practice can be to setup some design and development guidelines to ensure that application is secure to at least common vulnerabilities. Please read more at http://makesecurejava.blogspot.in/