
Ask HN: How to secure a website? - devcheese
So I'm new to deploying apps to production, I'm curious about everything I need to do to make a website secure. As of now, I only know to set up SSL, I imagine there is more beyond that.
======
rmdoss
SSL doesn't have much to do with securing your website. If you are worrying
about security, I would recommend to try to find solutions to solve the:

-integrity -availability and -confidentiality

Of your server and app. For integrity, look for file integrity monitors (OSSEC
is a good open source project that does that).

For availability: load balancers, DDoS protection, auto scaling are all things
to look for. Products like CloudFlare and Sucuri can do it in the cloud for
you automatically.

For confidentiality, try isolating your server, setting up firewalls to deny
all by default, restricting access, keeping it updated, etc.

thanks,

------
mtmail
[http://guides.rubyonrails.org/security.html](http://guides.rubyonrails.org/security.html)
is a good introduction for webapps written in Ruby/Rails and their
countermeasures.

It's better to ask the same question on a <insert your programming language>
forum or StackOverflow as most frameworks have countermeasures or
configuration options included (salting password, inspecting HTTP headers,
preventing SQL injection).

------
sumodirjo
Using Cloudflare / Sucuri in front of your website won't hurt

------
tmaly
Lock down all ports except 22, 80, and 443 with iptables.

Set up fail2ban to update iptables rules to detect repeated hack attempts and
ban their IP address.
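
The detection step behind the fail2ban suggestion above, as an added example that is not part of the thread and is not fail2ban's own code: count failed SSH logins per source IP inside a sliding window and flag an address once it reaches a threshold. The `maxretry` and `findtime` names follow fail2ban's jail options; the log lines, the `year` parameter and the rendered rule are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Jan 10 03:14:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Jan 10 03:14:09 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 10 03:20:00 web1 sshd[820]: Failed password for deploy from 198.51.100.4 port 51000 ssh2
Jan 10 03:45:00 web1 sshd[830]: Failed password for deploy from 198.51.100.4 port 51002 ssh2
Jan 10 04:10:00 web1 sshd[840]: Failed password for deploy from 198.51.100.4 port 51004 ssh2
Jan 10 04:10:05 web1 sshd[841]: Accepted password for deploy from 198.51.100.4 port 51006 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

def find_offenders(log_text, maxretry=3, findtime=600, year=2024):
    """Map each IP to the time it reached maxretry failures within findtime seconds.

    syslog timestamps carry no year, so one is assumed (hypothetical parameter).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)    # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned

def ban_rules(banned):
    """Render (not execute) one iptables rule per offender."""
    return [f"iptables -I INPUT -s {ip} -j REJECT" for ip in sorted(banned)]

if __name__ == "__main__":
    for rule in ban_rules(find_offenders(SAMPLE_LOG)):
        print(rule)
```

With the default 600-second window only the rapid burst is flagged; the second address, whose three failures are spread over 50 minutes, is only caught when `findtime` is widened, which is the trade-off to weigh when tuning a jail.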

