Tip 1: Don't trust, authenticate.

Tip 2: Keep a low profile.

Tip 3: Use misdirection and misinformation beyond reducing information exposure.Tip 4: Forcefully deny bad requests.

Tip 5: Sanitize user requests and inputs

Tip 6: Monitor and test continuously.

Tip 7: Prepare for the worst.

Tip 8: Cross the developer-administrator chasm.

via networkworld