# The indie SaaS security stack I run on a $7/mo VPS

When you're a 1-3 person dev shop, you can't afford Snyk and you don't have a security team. You also can't afford to get breached. Here's the full stack I actually run on the $7/mo Hostinger VPS that serves my production SaaS.

This is not a "best practices" article. Every line below corresponds to a config file in production right now.

## 1. UFW — block everything by default

```bash
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
```

Five commands. The single largest reduction in attack surface you can make in 30 seconds. Verify with `sudo ufw status verbose`.

## 2. SSH keys only, no passwords

`/etc/ssh/sshd_config.d/00-hardening.conf`:

```
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
ClientAliveInterval 300
ClientAliveCountMax 2
MaxAuthTries 3
```

`sudo systemctl restart ssh`.…
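
To confirm that the settings in `/etc/ssh/sshd_config.d/00-hardening.conf` are the ones sshd actually applies (sshd keeps the first value it reads for each keyword, so a file read earlier can win), compare the output of `sshd -T` with the six values above. This is an added example, not part of the original post; the function name `check_sshd_hardening` and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit effective sshd settings against 00-hardening.conf.

# Expected values, copied from the drop-in file in the post. Keys are
# lowercased because `sshd -T` prints keywords in lowercase.
EXPECTED='passwordauthentication no
permitrootlogin no
pubkeyauthentication yes
clientaliveinterval 300
clientalivecountmax 2
maxauthtries 3'

# Reads `sshd -T` style output on stdin and prints one line per deviation.
# Returns 0 if every expected setting matches, 1 otherwise.
check_sshd_hardening() {
    local dump key want got rc=0
    dump=$(cat)
    while read -r key want; do
        # Take the first line whose keyword matches the expected key.
        got=$(printf '%s\n' "$dump" |
              awk -v k="$key" 'tolower($1) == k { print $2; exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (expected $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key: effective=$got expected=$want"; rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return $rc
}

# Constructed sample: what `sshd -T` could report when a different
# drop-in file has re-enabled password logins.
SAMPLE_BAD='port 22
passwordauthentication yes
permitrootlogin no
pubkeyauthentication yes
clientaliveinterval 300
clientalivecountmax 2
maxauthtries 3'

# On the server itself: sudo sshd -T | check_sshd_hardening
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_BAD" | check_sshd_hardening
fi
```

Run it after every change under `/etc/ssh/`, before closing the session you are logged in with.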