...

It may be possible to use SELinux to reduce the likelihood of a local root privilege escalation.  More research is required.

References

apachesecurity.net -- the web site for an O'Reilly book on securing Apache installations.  A primary source of ideas and material for this document.  Solid material, though occasionally dated or slightly inaccurate (as can be expected with almost any technology book).

Honeynet report on web application threats -- a report by the Honeynet project on common attacks against web applications.

SANS Top 20 -- the web application section of a SANS report on security threats.  Contains recommendations on hardening web application servers.

owasp.org -- web site for the Open Web Application Security Project, an organization dedicated to improving web application security.  They have a guide to writing secure web application code.