If you run or are part of a software business, keeping it secure is almost a full-time job. If nobody holds that role, it is still worth putting a few basic controls in place so that an attacker has to get through as many gates as possible before reaching anything of value.

A few things you will need:

  • Put a WAF in front of the application. If you host on AWS, enable AWS WAF; if Cloudflare serves your DNS, its WAF is available too, but only for records proxied through Cloudflare, so DNS-only records get no protection. A WAF filters common attack patterns before they reach your code; it does not replace fixing the code.
  • Keep your web server (Nginx or Apache) patched and turn on the hardening it supports: hide version banners (server_tokens off, or ServerTokens Prod on Apache), allow only current TLS versions and ciphers, and send the standard security headers.
  • Configure the server's firewall (iptables or nftables) with a default-deny INPUT policy that allows only the ports you actually serve, typically 80 and 443, plus loopback and established connections, and drops everything else.
  • Install fail2ban and keep it running so that repeated failed logins against SSH (and, with the right jail, your web server) get the source IP banned automatically.
  • Restrict SSH to IP addresses you trust, both in the firewall and in sshd_config, and disable password and root logins in favour of keys.
  • Get a dedicated, static IP address for administration and accept SSH traffic only from that address. Apply the restriction from an open session and confirm a fresh login works before you disconnect.
  • Keep the server's operating system and installed packages as up to date as possible; enable unattended security updates if you cannot patch by hand.
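
The checklist above turned into a script, as an added example; this is not code from the original post. It assumes a Debian/Ubuntu host with nginx, iptables-persistent and fail2ban installed, the Debian service name ssh, and a placeholder admin address TRUSTED_IP=203.0.113.10 (an RFC 5737 documentation address) that you replace with your own dedicated IP. File paths are the usual Debian ones and are also assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate and apply a hardening
# baseline for a single Debian/Ubuntu web server running nginx. Paths, service
# names and TRUSTED_IP are assumptions; replace them with your own.

# Assumed dedicated admin address (RFC 5737 documentation range, a placeholder).
TRUSTED_IP="${TRUSTED_IP:-203.0.113.10}"

# iptables-restore ruleset: default-deny INPUT, allow loopback and replies to
# established connections, HTTP/HTTPS from anywhere, SSH only from $1.
gen_iptables_rules() {
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -s $1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# sshd drop-in: key-only, no root login, and only the trusted address may log
# in at all (a second gate behind the firewall rule).
gen_sshd_config() {
  cat <<EOF
PermitRootLogin no
PasswordAuthentication no
AllowUsers *@$1
EOF
}

# fail2ban jail.local: ban repeat offenders against sshd and nginx basic auth,
# but never the trusted address, so a typo in your own login cannot lock you out.
gen_fail2ban_jail() {
  cat <<EOF
[DEFAULT]
bantime  = 1h
findtime = 10m
maxretry = 5
ignoreip = 127.0.0.1/8 $1

[sshd]
enabled = true

[nginx-http-auth]
enabled = true
EOF
}

# nginx hardening snippet: hide the version banner, modern TLS only, and the
# standard defensive headers.
gen_nginx_hardening() {
  cat <<'EOF'
server_tokens off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
add_header X-Content-Type-Options nosniff always;
add_header X-Frame-Options DENY always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
EOF
}

# Write everything and reload. Each daemon's own config check runs first so a
# typo cannot leave sshd or nginx down; keep your current SSH session open and
# confirm a fresh login from TRUSTED_IP works before you close it.
apply_all() {
  mkdir -p /etc/iptables /etc/ssh/sshd_config.d /etc/nginx/conf.d
  gen_iptables_rules "$TRUSTED_IP" > /etc/iptables/rules.v4   # loaded at boot by iptables-persistent
  iptables-restore < /etc/iptables/rules.v4
  gen_sshd_config "$TRUSTED_IP" > /etc/ssh/sshd_config.d/10-hardening.conf
  sshd -t && systemctl reload ssh
  gen_fail2ban_jail "$TRUSTED_IP" > /etc/fail2ban/jail.local
  systemctl restart fail2ban
  gen_nginx_hardening > /etc/nginx/conf.d/hardening.conf
  nginx -t && systemctl reload nginx
}

# Only touch the system when explicitly asked and running as root; otherwise
# the functions above just print what would be written, which is useful for
# review (e.g. gen_iptables_rules 203.0.113.10).
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
  apply_all
fi
```

Run it without arguments to review the generated files, and with sudo and the argument apply to write them and reload the daemons. Two caveats: nginx does not inherit add_header directives from the http context into a server block that sets any add_header of its own, so repeat them there; and on a host that already uses nftables or ufw, translate these rules into that tool rather than running iptables-restore alongside it.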

These are a reasonable starting point. The rest of the work is at the application level: validate and sanitise everything the user sends you on input, and encode it correctly on output, so that stored data cannot turn into an injection or cross-site scripting payload later.