I’m new to web application development and I wonder how to secure my app. Lately, I hear a lot of cases in the news where hackers stole data. If this happens regularly to professionally developed systems then how do I deal with this as starting web developer? I know this is a very general question but it seems very relevant nowadays. So where do I start with security? What are the aspects to consider? Which parts of the system are vulnerable? Etc.
Some details about my systems: I have developed a web application in PHP, JavaScript, HTTPS, HTML, and my§SQL. For logging in I used the strategy described in: https://www.tutorialrepublic.com/php-tutorial/php-mysql-login-system.php. The application is hosted on a shared server (apache) at a hosting company. The server runs php version 8.1.