web hosting security

[ABS]

Alot depends on what you'll actually be hosting. For example:

For PHP stuff:
Read through the guides here:http://phpsec.org/projects/guide/
Also take a look at: http://www.hardened-php.net/suhosin/

For ASP/.NET stuff:
You'll have to google that yourself as I don't touch Microsoft stuff

General advice:

I also recommend having an external 3rd part security and vulnerability scanner run regularly against your external IPs. There are several out there... I know Mcafee offers some, there is also Security Metrics, or if you're doing it on the cheap side and have the man power, set up your own nessus scanner (http://tenable.com/products/nessus). Which many of the 3rd party companies that offer external scanning end up using in some way or another themselves.

And obviously try to follow standard security polices like correct app tier separation with egress and ingress filtering etc... If you find yourself placing database servers in your web/external zone you're doing something wrong.

That's my 2c anyway.