Most Important Security Practices
- Remove all passwords, keys, etc. from code and use vaults, JKS, etc. to store them securely.
- Review all exposed APIs for input-parameter sanitisation, rate controls, authentication, and source whitelisting.
- Build DDoS protection by reviewing the perimeter architecture, implementing a WAF, and putting request rate limits at the load balancer.
- Keep reviewing all security groups and firewall rules, and patch any system with vulnerable components.
- Start secure code reviews for all releases, covering input sanitisation, query parameterisation and other OWASP items.
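
The four API checks named in the second item (source whitelisting, authentication, rate controls, input sanitisation) can be combined in one request gate. This is an added example, not code from the original post; the `ApiGate` class, its parameter names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import re
import time


class ApiGate:
    """Source allow-list, authentication, rate limit, then parameter checks."""
    def __init__(self, networks, key_hashes, param_rules, rate=1.0, burst=3):
        self.networks = [ipaddress.ip_network(n) for n in networks]
        self.key_hashes = key_hashes      # client id -> SHA-256 hex of its API key
        self.param_rules = {k: re.compile(v) for k, v in param_rules.items()}
        self.rate, self.burst = rate, burst   # tokens per second, bucket size
        self.buckets = {}                 # client id -> (tokens, last refill time)

    def _take_token(self, client, now):
        tokens, last = self.buckets.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def check(self, source_ip, client, key, params, now=None):
        now = time.monotonic() if now is None else now
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return 400, "malformed source address"
        if not any(addr in net for net in self.networks):
            return 403, "source not allow-listed"
        supplied = hashlib.sha256(key.encode()).hexdigest()
        # Constant-time comparison; unknown clients compare against "".
        if not hmac.compare_digest(self.key_hashes.get(client, ""), supplied):
            return 401, "authentication failed"
        if not self._take_token(client, now):
            return 429, "rate limit exceeded"
        for name, value in params.items():
            rule = self.param_rules.get(name)
            # Unknown parameters are rejected; known ones must match in full.
            if rule is None or not rule.fullmatch(value):
                return 400, f"invalid parameter: {name}"
        return 200, "ok"

if __name__ == "__main__":
    # Constructed sample values; real key hashes would come from a vault.
    gate = ApiGate(["10.0.0.0/8"], {"client-a": hashlib.sha256(b"k1").hexdigest()},
                   {"order_id": r"[0-9]{1,10}"})
    print(gate.check("10.1.2.3", "client-a", "k1", {"order_id": "42"}))
```

The per-client bucket here is only reached after authentication, so it does not throttle unauthenticated traffic; that is the job of the load-balancer rate limit in the third item.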