How should website security be established? ? ?

  node.js, question
I am engaged in front-end work and do not know much about website security issues. I want to know how to make a website less vulnerable to intrusion and malicious code modification.  What fields do you need to know about website security?

1.SQL injection
2.XSS attack
3.COOKIE hijacking
Security Policy Configuration in 4.LINUX/windows
Security Configuration in 5.apache/nginx
6.DOSS attack
7.HTTPS
You need to understand all this