I am trying to assure security of a large web based application. We are considering using Jtest for security testing (among other tools) for White Box dynamic analysis.

1. has anyone ever used Jtest for security testing purpose ? Is Jtest considered relevant for security testing ?

2. What are the security concerns at code/implementation level for a web application (J2EE) in general? Is there are cool tool to test them ?

- Thanks