What kind of security do you implement into your Web Service?

I really like the ASVS checklist and I have also experimented with AppSensor, but how do you keep your service and your users secure? How do you defend yourself against attacks? Bonus: What security considerations does Hashnode implement?