Yes, I am your super nerdy child and proudly present you my first self-coded web application. Of course I want to publish it live and show it to all my kindergarden-friends. You are super proud, but you also want to prevent me from a security-nightmare with my first running web-application. Your child wouldn't be such a lovely nerd if it had not already duckduckgone some security-related terms. Now it is your turn to explain what it means, what it prevents from and how it works (super basically):

• HTTPS
• Input Validation
• Authentication (oauth, JWT, more?)
• Autorization
• Security Headers
• CSRF
• CORS
• CSP
• Captcha
• Honeypot

... and maybe you are missing some very basic random stuff that is important to know before I go live?