Implement the Following Web Security Suggestions
Besides what we’ve already outlined in this post, there are a few other more “immediate” web application security suggestions that you can implement as a website or business owner. To learn more about each suggestion below, read the dedicated article pertaining to that topic and see if implementing each security enhancement is beneficial for your particular use-case.
Implement HTTPS and redirect all HTTP traffic to HTTPS.
Help prevent cross-site scripting attacks by implementing the x-xss-protection security header.
Implement a content security policy.
Help prevent man in the middle attacks by enabling public key pins.
Apply subresource integrity to your resource’s <script> or <link> elements
Use an updated version of TLS. To learn more, read our TLS 1.2 vs TLS 1.1 article and avoid using SSL completely.
This goes without saying, use strong passwords that employ a combination of lowercase and uppercase letters, numbers, special symbols, etc. Use a program such as KeyPass to generate and store strong passwords.