04 Application security

User separation (read/write users for apache)

Using database views (or stored procedures for power DBAs?)

KNOW ALL YOUR LOGFILES & Locations

Gather baseline from logfiles

Inventory of the applications

(Version, modules installed, modules active, md5sums of the binaries)

Track unmaintained chaotic software from CPAN etc.

Don't just assume it's disabled.

Inventory of crucial libraries (what's the libjpeg version on all my webservers)