The Principle of Least Privilege (PoLP)

A user or process should only have the permissions necessary to perform its task—nothing more.

Avoid running applications as root.
Use chmod and chown to restrict file access.
Check for SUID binaries (often exploited): find / -perm -4000 -type f 2>/dev/null.

Create a folder /opt/app and ensure only the user app-user can read/write to it.