That's what frameworks are for: not having to worry too much about widely known vulnerabilities. Just find production-ready components for your frontend, render stuff server-side, validate all inputs both client-side and server-side, and make sure only authenticated users can perform actions on the database. Do not expose any database info in params or server responses, use environment variables, and don't use root as the server user. Use strong passwords for all your credentials.
There, and also learn as you go. All apps are different.