How would you secure a Java-based application environment against remote code execution vulnerabilities?