Using third-party security solutions

Familiarize yourself with the security offerings available in the AWS Marketplace; hundreds of security ISVs and products there can replace what you are doing natively in your application. Partner solution sets can be the answer to your specific situation or application architecture.

In addition, certain enterprise vulnerability scanning software products, such as HP Fortify (available as a SaaS service or an on-premises product) or Veracode (SaaS service), can be used to identify vulnerabilities within your application code. These enterprise security tools may be expensive, but they are great for the prevention of OWASP Top Ten-type vulnerabilities in your application, and for promoting secure coding practices in your development teams.

It is important to schedule a penetration test with specialists within your organization and to employ external consultants to ensure your production site is secure. If this is the first time your organization is doing vulnerability scans or getting penetration testing done by specialists, then ensure you allow sufficient time in your project schedule for two or three rounds of testing and remediation work.
