Preventing an attacker to take advantage of Web application security vulnerabilities, some traditional practices have been used by Web developers is not suitable for the new generation of Java-based development platform quickly. By understanding the new concepts and technology, and combined with OWASP recommendations for conventional risk, this paper explore some common practices which should be followed by Web developers, when using Jboss Seam to build Web applications.