Some typical questions that I often get from customers is how to protect your web application against DDoS attack, forcing HTTPS, implementing OWASP 10 protection ([SQL] Injection, Broken authentication, Sensitive data exposure, XML external entities (XXE), Broken access control, Security misconfiguration, Cross-site scripting (XSS), Insecure deserialization, using components with known vulnerabilities, insufficient logging & monitoring).
These are some references on How to do protect your website in step by step mode.
Please check into https://www.cloudskillsboost.google and check for these tutorials:
- HTTP Load Balancer with Cloud Armor (link)
- Bot Management with Google Cloud Armor and reCAPTCHA (link)
- Cloud Armor Preconfigured WAF Rules (link)
- Rate Limiting with Cloud Armor (link)
- (BONUS) Securing Virtual Machines using BeyondCorp Enterprise (BCE) (link)
Please run through those tutorials, you will get the ideas on how to protect your websites through malicious attacks.