Everyone we are working in a application. Where backed is laravel 5.1 and database is mysql. Both are under csf firewall and protected from the public. Below is the technology stack :-
Technology :
1) Laravel 5.1 backend Hosting : AWS/ EC2
2) Databse mysql 5.5 Hosting : RDS
3) Fronend Wordpress around 40 sites consuming api from backend.
Currently implemented Security :-
1) CSF firewall on backend.
2) Ip restrictions on RDS.
is there anything else we can do make it secure. Becuase we are saving customer personal and identification details.
Any suggestion will be appreciated.
The good solution is to make sure that you use VPC. All your DB-s should be inside VPC Private Subnet, and your Laravel application in VPC Public Subnet, so only EC2-s in Public subnet will be able to communicate with RDS. Therefore you will not need to implement IP restriction in RDS. (Configuring VPC Public and Private subnets are a bit confusing, so you can have look at youtube video and read VPC documentation )
The second good security solution is AWS WAF (Web Application Firewall). It is a very useful service if you use web technologies. You can have multiple rules, that firewall can catch. For instance, it can catch SQL injection and the request even will not reach to your server, or you can restrict request by IP and so on, please look at AWS WAF, it not so complicated and you can integrate it with your servers very fast.
To summarize, I strongly recommend using the above services in order to secure your application.