The only thing that needs to be done specifically to ensure security is to always check the rights of the user for a certain action.
Vulnerabilities that used to be popular, with modern technology, you can only allow intentionally, or with zero knowledge of use when you write code "at random". So just learn and acquire skills, safety will be a side effect.
You asked for reading suggestions, so I suggest starting with the Laravel documentation.

Check and screen all incoming parameters and everything that you get from the Cookies database
you need to generate so that they cannot be faked through js in a regular console.
Well, the shitty code generates a bunch of holes, so the main recipe is to write clear code.
Well, check all uploaded files to the server.
Complex passwords for the database + competent access rights in linux - this is the main recipe.
In books, such recipes will not be given, in php through the eyes of a hacker for sure, it’s painfully everything is written there by shit coder.

Regex-checking all user (input) values ​​against the "white list" and querying the database through prepared template expressions - that's all ...
Also, it's better to additionally configure the rules on the web server .