What should every programmer know about security?

Unless you are an expert, you probably shouldn't roll your own security. Let trusted libraries and frameworks do the work.

  * what are certificates and what are their practical benefit (how do TLS and mTLS work on a conceptual level)
  * how should you store password auth info 
  * what is XSS and how do you prevent it
  * how to properly escape user-provided data in various contexts (sql, html, file formats and/or encodings)