Web security concerns the protection of web services and their users from abuse. Maintaining the security of a website includes using up-to-date tools & protocols (e.g., modern languages & web frameworks, using TLS, HSTS, and strong cipher suites) and writing secure code on both the server and the client side while being aware of common attacks (e.g., XSS, CSRF, LFI, RFI, SSRF, BOLA, type juggling, etc). The use of a web application firewall and CDN can also reduce the attacks on a website, e.g., putting your website hosted on a S3 bucket behind a CloudFront CDN distribution shields you against denial of wallet attacks (unauthorized API calls to your S3 bucket can cost you, so using CloudFront means your bucket name isn’t immediately obvious which helps).