security takes time to learn. start by understanding in detail the request/response cycle. understand why https is important. understand headers and bodies. understand any request cannot be trusted. learn to implement owasp top 10. that's a good start actually.