I've seen plenty of questions dealing with beta testing, marketing, market research and so on.
My question is which practical quality assurance and security steps should a web app or service make sure they have ready when launching to real people?
Even in a private beta, what things should absolutely be a part of a launch?
Even if you are in private beta, your server can be reached by the public. That means you'll experience occasional lightweight attacks by bots. If you have information that is valuable there is a much greater chance of large attacks on your server(s) and that will require additional hardening. For now I would recommend the following.