Next.js Discord

Discord Forum

How can I work on security of the website?

Answered
Asiatic Lion posted this in #help-forum
Asiatic LionOP
Do you guys know any tutorial for this?
Securing and finding all the security bugs?
Answered by B33fb0n3

10 Replies

Avatar
That depends very much on what you are going to build. If you just have a page with some CSS, there won't be waaay less vulnerabilities (if at all). For an ecommerce website there are way more. So give more details on how you want to secure what
Asiatic LionOP
Idk like for an Agency website
selling services
(kind of e-commerce)
+ admin dashboard
I mean do I have to learn penetration testing and these kind of things myself so I can fix them?
Or there could be some obvious bugs that should be fixed in every app?
Avatar
well... for me bugs are unexpected things. So you might want to have a look at expected things.

To give you the basics: most of your application is publicly accessible. So when you want to make sure, only specific add token based if statements. That can be access tokens, auth tokens, tokens from your env variables, ...
Don't forget that server actions are also publicly available.

A very big help might be this blog post: https://nextjs.org/blog/security-nextjs-server-components-actions

It helped me to better understand auth and also on how to structure the project so you don't leak anything. Take a look at it and I am sure you like it 🙂
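Added example, not part of the reply above and not code from Next.js: a plain-JavaScript stand-in for an admin Server Action, showing why hiding the button in the dashboard is not enough and what the token-based check looks like. The session store, the tokens and the `deleteService*` functions are hypothetical; in a real action the token would be read from a cookie on the server rather than passed as an argument.

```javascript
// Constructed sample data: server-side session store keyed by an opaque token.
const sessions = new Map([
  ["tok-admin-constructed", { userId: "u1", role: "admin" }],
  ["tok-customer-constructed", { userId: "u2", role: "customer" }],
]);

// Constructed sample data: the services the agency sells.
function makeServices() {
  return new Map([
    ["s1", { title: "Web design" }],
    ["s2", { title: "SEO audit" }],
  ]);
}

// Unguarded action: assumes only the admin dashboard will ever call it.
// A Server Action is reachable with a plain POST, so any visitor can run this.
function deleteServiceUnguarded(services, serviceId) {
  return { ok: services.delete(serviceId) };
}

// Guarded action: treated like any other public endpoint.
function deleteServiceGuarded(services, sessionToken, serviceId) {
  // 1. Authentication: the token must map to a session the server issued.
  const session =
    typeof sessionToken === "string" ? sessions.get(sessionToken) : undefined;
  if (!session) return { ok: false, status: 401, error: "not authenticated" };

  // 2. Authorization: being logged in is not the same as being an admin.
  if (session.role !== "admin") {
    return { ok: false, status: 403, error: "admin role required" };
  }

  // 3. Input validation: arguments come from the client, never trust them.
  if (typeof serviceId !== "string" || !services.has(serviceId)) {
    return { ok: false, status: 404, error: "unknown service" };
  }

  services.delete(serviceId);
  return { ok: true, status: 200 };
}
```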
Avatar
@Asiatic Lion solved?
Avatar
If this isn't the solution, feel free to remove it and ask follow up questions
Answer