I already have several posts related to constructing a secure website that can be released onto the wild World Wide Web. The following are several resources and links that will give a good idea of what one can do in order to secure a website.
First we need a way to analyse how secure our site is and whether the changes we make to secure it have any effect. The easiest way to do this is to use the SSL Server Test from Qualys SSL Labs: "This free online service performs a deep analysis of the configuration of any SSL web server on the public Internet."
In the following post from my blog I am trying to get an A+ rating: A+ Security for WordPress Blog – HTTP Strict Transport Security
The following post describes how to secure the blog installation: “A” Rating Security – Strong SSL Security WordPress Blog
Then a post that describes how to protect the blog from DDoS attacks: Internet: Subresource Integrity (SRI)
In case we use the GlassFish application server, disable the insecure protocols: Disable SSL3 in GlassFish
As a final touch we should also use an IDS to inspect the incoming traffic and identify threats in it: Data Center: IDS solution using Security Onion
Close up some holes in the SSL protocol: Disabling SSLv3 for POODLE
A forum thread from Qualys that updates the list of secure ciphers for Apache: Apache configuration to achieve similar ratings to Google.com
How to create and use certificates with OpenSSL: Certificate Management with OpenSSL – General Stuff