_7hzo

I've recently been using node and Java Spring so I can learn how to build fully-fledged web apps. One of my side projects is an API that has to be secure because it has access to private data. I used JWTs for authentication but I'm not sure if it is actually secure.

When developing a product, how do you build and test it so that user information is protected, your APIs can't be abused etc.? Where do you learn this information so you can apply it in practice?