Code changes (input validation, parameterized queries, output encoding) - Library updates (upgrading vulnerable dependencies) - Configuration changes (disabling debug mode, setting secure cookie flags)