The talk gives overview of various security frameworks available for web application security implementation. Then it gives details of our implementation of security infrastructure using ESAPI. We have successfully implemented safeguards against Sql Injection, XSS, file uploads, and many more. This common infrastructure is embedded into each application making the stack secure by default. This helps application developers focus more on business problems to solve rather than common security issues.