Yes! I think it's one of the most important parts. Users trust you with their data. I don't use any tool but I write tests for critical parts of the applications :). There's also a lot of good practices to make programs more secure. I use OWASP Top 10 as one of my references, you can find it here: www.owasp.org/index.php/Top_1…

SSL + Devise (Rails) or just encrypt every message my users send, so even if a hacker got access to my DB he will just obtain a bunch of hashes with nonsense.

For e-mails, I just recollect all the emails send it directly to my MailChimp/Mailgun marketing list so when this arrives at my DB all of them are already encrypted. So no data to disclose.

I know that I could be making my app safe if I invest time in developing some security measures, but in the end, unless you are delivering for a big company or a hot startup, you should be shipping a better product instead of doing backend work.

I always use community libs for auth and password storage, so I don't have to implement my own logic.

Servers have some firewall rules and auth is only via ssh keys.

Let's encrypt on every domain, always.

Above everything, I ~never~ store sensitive data that isn't needed.