No matter what language you use online, you need to be very careful with error handling. Once a hacker has detected which programming language you use from the way your errors are handled, they will simply break through your web security, because basic, childish logic will be enough.
Some useful tools:
Java runtime
Paros Proxy (search for it on Google)
Tamper Data (Firefox add-on)
Cain & Abel (password recovery tool)
All notes on developments:
http://www.exploit-db.com/