Security Suggestions?

Looking for suggestions on any must-read posts on security.

Any tips or suggestions, .htaccess or otherwise.

I'm also interested if there are log analyzers available that look for suspect activity.



Thanks everyone!

In order to be PCI compliant, the entire store has to be under HTTPS, and not allow unprotected connections to the store. That's to protect the customer_id cookie.
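
One way to check the point made in the reply above, as an added example that is not part of the original thread: a small audit that flags store responses served over plain HTTP without a redirect to HTTPS, and `customer_id` cookies that could travel unencrypted. The host `shop.example`, the cookie values and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 307, 308)

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (name, set of lowercase attribute names)."""
    first, *rest = [part.strip() for part in set_cookie.split(";")]
    name = first.split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in rest if p}
    return name, attrs

def audit(url, status, headers, cookie_name="customer_id"):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    https = urlsplit(url).scheme == "https"
    hdrs = [(k.lower(), v) for k, v in headers]
    if not https:
        # A plain-HTTP request must only ever be answered with a redirect to HTTPS.
        location = next((v for k, v in hdrs if k == "location"), "")
        if status not in REDIRECTS or urlsplit(location).scheme != "https":
            findings.append(f"{url}: served over HTTP without redirect to HTTPS")
    for key, value in hdrs:
        if key != "set-cookie":
            continue
        name, attrs = cookie_attrs(value)
        if name != cookie_name:
            continue
        if not https:
            findings.append(f"{url}: {name} set on an unencrypted response")
        elif "secure" not in attrs:
            # Without Secure the browser also sends the cookie over http://.
            findings.append(f"{url}: {name} lacks the Secure attribute")
    return findings

# Constructed sample responses: (url, status, headers)
SAMPLES = [
    ("http://shop.example/cart", 200, [("Set-Cookie", "customer_id=abc123; Path=/")]),
    ("http://shop.example/", 301, [("Location", "https://shop.example/")]),
    ("https://shop.example/login", 200,
     [("Set-Cookie", "customer_id=abc123; Path=/; HttpOnly")]),
    ("https://shop.example/login", 200,
     [("Set-Cookie", "customer_id=abc123; Path=/; Secure; HttpOnly")]),
]

def run_samples():
    return [finding for sample in SAMPLES for finding in audit(*sample)]

if __name__ == "__main__":
    print("\n".join(run_samples()))
```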