The 80/20 Rule for Web Application Security is an article by Jeremiah Grossman, focused on increasing the security without touching the source code. The article identifies the "vital few" security solutions essential to protecting a website:

• Default server error messages
• Remove or protect hidden files and directories
• Web server security add-ons
• Add httpOnly flag to sensitive cookies