23

My security knowledge is so bad. But I don't know where I should start.😖
My coworkers know about this, so I don't get involved in related topics.🤤
Last time I asked the same question, someone gave me a link, and it was all about DIY welding metal tubes into a security door.🤦‍♂️
Any better suggestion?

Comments
  • 1
    Maybe read some books about it? Some of the more security-conscious members of dR may have some good suggestions for you.
  • 1
    @jhh2450 there are so many Alice and Bob in the book, if you get what I mean 🤔
  • 0
    I got into it through security.stackexchange.com, but to understand the basics I recommend a book (or some free online stuff if someone knows something).
    Key to understanding security is the question "what would a hacker do?". The 3 steps are reconnaissance, exploitation and retaining control. The first steps will cover networking, port scanners, social media research etc.
    After that you use your knowledge to exploit a program. Basically you give that program input it didn't expect (search for SQL injection). "The art of exploitation" is a good book about this.
    The last step isn't talked about much, so I'll leave it out, you'll have enough to read anyway.

    If you ever want to hack a real system I recommend the "metasploitable" image.
  • 0
    @YouAreAPIRate I took the course in university. Implemented simplified SSL in C++, you know that Alice and Bob example in the book, right?! Which didn't help much in the real world. Any good books that focus on real applications?
  • 1
    @sunfishcc so you're more focused on SSL/TLS than on the topic of security as a whole?

    I just thought of the "Handbook of Applied Cryptography", but it's too much math for a simple explanation.
  • 1
    @YouAreAPIRate I'm hungry for a better understanding of web application security 🤤
    No problem. I'm the guy who watches multivariable calculus at 1.5 speed on YouTube just for fun 🤖
  • 1
    @sunfishcc in that case I recommend https://owasp.org/ to you. They have a list with the most common vulnerabilities and examples.
    SSL/TLS doesn't belong in the web-app subject, its job is to secure the transport of the content from server to client. Understanding that won't help you much considering the big picture.

    So go to owasp.org and start with the top 10 list, afterwards you can go through the vulnerability list for further details.
  • 1
    @ArchLinux his last message made me believe he's looking for security-related material about application-level security. He started with SSL/TLS, but he might have considered that as part of a web application.
    If I'm right then cryptographic primitives are not what he wants.
  • 0
    @ArchLinux sorry for not clarifying my problem. Basically I need a better understanding of how to deal with the security issues related to web applications. My goal is to build a better React app.
  • 0
    @YouAreAPIRate oh geez. I feel you know me better than myself 😨
  • 2
    @sunfishcc it's simple, it's because I'm go{1,2}d.
    Joke aside, you can start with remembering these principles:
    1. Password hashing (bcrypt or scrypt are appropriate algorithms for that)
    2. Never trust user input, validate everything on the server side
    3. Read about cross site request forgery (XSRF)

    There actually are injection attacks too but React already deals with those. They're still widely common so you should at least read about them. If you have those in mind you're more advanced than the application I program at work.
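
The first two principles from the comment above (password hashing with scrypt, and validating input on the server), shown as an added example that is not part of the original thread. It uses Node's built-in `crypto` module; the field rules, the stored-record format and the cost parameters are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed cost parameters (Node's scrypt defaults); tune them for your hardware.
const SCRYPT = { N: 16384, r: 8, p: 1, keylen: 32 };

// Principle 2: re-check every field on the server, whatever the React form did.
function validateRegistration(body) {
  if (typeof body !== 'object' || body === null) return ['body must be an object'];
  const errors = [];
  const { username, password } = body;
  if (typeof username !== 'string' || !/^[a-z0-9_]{3,32}$/.test(username)) {
    errors.push('username: 3-32 characters of a-z, 0-9 or _');
  }
  if (typeof password !== 'string' || password.length < 12 || password.length > 128) {
    errors.push('password: 12-128 characters');
  }
  return errors;
}

// Principle 1: store a per-user random salt and the scrypt hash, never the password.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const { N, r, p, keylen } = SCRYPT;
  const hash = crypto.scryptSync(password, salt, keylen, { N, r, p });
  return ['scrypt', N, r, p, salt.toString('base64'), hash.toString('base64')].join('$');
}

// Recompute the hash with the stored salt and parameters, compare in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 6 || parts[0] !== 'scrypt') return false;
  const [N, r, p] = parts.slice(1, 4).map(Number);
  const salt = Buffer.from(parts[4], 'base64');
  const expected = Buffer.from(parts[5], 'base64');
  if (expected.length !== SCRYPT.keylen) return false; // reject truncated records
  try {
    const actual = crypto.scryptSync(password, salt, expected.length, { N, r, p });
    return crypto.timingSafeEqual(actual, expected);
  } catch {
    return false; // malformed parameters or a non-string password
  }
}
```

Because the salt and parameters are stored with each hash, the cost can be raised later without invalidating existing records.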
  • 1
    Take a look at the OWASP top 10 if it's software related.
  • 0
    @ArchLinux @jamiek94 will read it in my spare time 😉