Web Server Security:
Update/Patch the web server software
Minimize the server functionality disable extra modules
Delete default data/scripts
Increase logging verboseness
Update Permissions/Ownership of files
Web Application Security:
Make sure Input Validation is enforced within the code - Security QA testing
Configured to display generic error messages
Implement a software security policy
Remove or protect hidden files and directories