It depends on the language you're using for your web app.
Assuming you're using native PHP, I'd go for a framework, which best fits your APP. Most frameworks have classes taking security measures to the next level. I use CodeIgniter mostly, and they have great measures against almost every attack.

Hacking has become very common with the vast usage of internet. Every business or an organization is worried about the security of the application. Cross-side-scripting, Man-in-the-middle attack and SQL injection are the most common security flaws in the online websites. But in order to create a secure application, there are variety of tools in the market that allow the developers to test an application for any security gaps.Grabber, Vega, Zed Attack Proxy are open source tools which you can use to test the security vulnerabilities in the web application.

Web security is the most important issue for any website owner. Web servers are one of the most important parts of website because of the sensitive data they usually host.
It all depends on the platform you have used to build your app/website. More better if all things would be hard coded.

I would recommend to keep everything updated and update latest security patches time to time. I am always in touch with Onehoursitefix.com who helped me a lot to keep my website secure. They are experts who can do fix hacked website issues just in 1 hour.

[DELETED]