I have already built a large-scale financial web application using the Spring stack (Spring MVC (jQuery) + IoC + JPA + JBoss 7).
It is not a RESTful app. Now we want to perform security testing (penetration testing).
But I have no idea what the common security attacks are.
Which are most common for web applications?
What kinds of browser-level security issues are there for web applications?
We have already implemented the following requirements:
1. Role-based access control, session management
2. Password encryption
Can anyone please give me some idea of which security requirements we need to adopt in our application?