1. protect hammering by blocking host
2. use shttp to send unser information encrypted
3. Apply tocken along with PHP session id
4. hash password in a good meaner
5. use session timeout to a lower value like 10 min.
6. sanitize user input & apply protection against SQL injection

After applying all these methods now I am confused about security of my application. How secure am I from all aspect of security issues.

I read some articles on security of PHP application and I found all these listed above. Now I want to know what are the additional techniques I should apply to protect my application. What are the techniques all secure sites follow like yahoo or gmail or e-commerce sites.