If you run or work in a software business, keeping it secure is almost a full-time job. If nobody holds that role, you should at least have a baseline of controls in place so that an attacker has to get through as many gates as possible.
A few things you will need:
- Ensure that you have a WAF in place. For example, if you host on Amazon, enable Amazon WAF. If Cloudflare serves your DNS, it also offers a WAF as a service.
- Harden your web server (Nginx or Apache) with all the security settings it supports.
- Ensure that your server's iptables rules only allow traffic on the ports you need and drop everything else.
- Install Fail2ban and keep it running at all times.
- Ensure that SSH only accepts connections from IP addresses you trust.
- Get a dedicated IP address for this purpose and accept SSH traffic only from that address.
- Ensure that your server's operating system and its packages are as up to date as possible.
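The firewall, SSH and Fail2ban items above fit together as one host-hardening step. The script below is an added example, not part of the original post: it generates an iptables-restore ruleset with a default DROP policy on INPUT (loopback, established connections, HTTP/HTTPS and rate-limited ping allowed, SSH only from one trusted address), an sshd_config drop-in that restricts logins to that same address, and a Fail2ban jail for sshd that never bans it. The trusted address `203.0.113.10` is a constructed placeholder from the documentation range; the Debian/Ubuntu paths (`/etc/ssh/sshd_config.d/`, `/etc/iptables/rules.v4`, the `ssh` service name) are assumptions and differ on other distributions.

```shell
#!/bin/sh
# Added example: generate host-hardening fragments for the checklist above.
# TRUSTED_ADMIN_IP is a constructed placeholder (TEST-NET-3 documentation address);
# replace it with the dedicated admin address you actually use.
TRUSTED_ADMIN_IP="${TRUSTED_ADMIN_IP:-203.0.113.10}"

# iptables-restore ruleset: INPUT defaults to DROP, so anything not listed is blocked.
# Optional $1 overrides the trusted address.
iptables_ruleset() {
  ip="${1:-$TRUSTED_ADMIN_IP}"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -s ${ip} --dport 22 -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
COMMIT
EOF
}

# sshd drop-in: key-only logins, no root, and (second gate behind the firewall)
# only users connecting from the trusted address are allowed at all.
sshd_dropin() {
  ip="${1:-$TRUSTED_ADMIN_IP}"
  cat <<EOF
# assumed path: /etc/ssh/sshd_config.d/50-hardening.conf
PasswordAuthentication no
PermitRootLogin no
MaxAuthTries 3
AllowUsers *@${ip}
EOF
}

# Fail2ban jail for sshd; the trusted admin address is never banned.
fail2ban_jail() {
  ip="${1:-$TRUSTED_ADMIN_IP}"
  cat <<EOF
# assumed path: /etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true
maxretry = 5
findtime = 10m
bantime = 1h
ignoreip = 127.0.0.1/8 ${ip}
EOF
}

# Extract the INPUT chain's default policy from a ruleset on stdin (should be DROP).
input_policy() { sed -n 's/^:INPUT \([A-Z]*\) .*/\1/p'; }

# Apply everything on the host. Only runs as root and only when invoked with --apply.
apply_all() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_all must run as root" >&2; return 1; }
  iptables_ruleset | iptables-restore                      # replaces the live filter table
  mkdir -p /etc/iptables && iptables-save > /etc/iptables/rules.v4   # persisted by iptables-persistent (assumed)
  sshd_dropin > /etc/ssh/sshd_config.d/50-hardening.conf
  sshd -t && systemctl reload ssh                          # validate config before reloading
  fail2ban_jail > /etc/fail2ban/jail.d/sshd.local && systemctl restart fail2ban
}

if [ "${1:-}" = "--apply" ]; then
  apply_all
fi
```

Run it without arguments to print nothing and just define the functions (`iptables_ruleset | input_policy` should print `DROP`), or with `--apply` as root to install the fragments. The ruleset only covers IPv4; if the server has an IPv6 address, either load the equivalent rules with `ip6tables-restore` or disable IPv6 on the interface, otherwise port 22 stays reachable over IPv6.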
These should be a good starting point. There is more you can do to keep your software secure, but that belongs at the application level. For example, ensure that you sanitise user-supplied data before you output it.