I do like that link but it leaves it to us, the people who don't know or care deeply about this stuff, to study the problems further and come up with our own solutions. Ideally we'd be given answers instead of just a starting point for additional research.
It's hard to invest yourself in something you're not interested in.
It's also difficult to know where to begin when there are so many "unknown-unknowns."
With that in mind: Don't try to be an expert. Start with awareness.
1. Don't roll your own security solutions. Leave it to the experts (i.e. a mature web framework).
2. Learn the best practices for your web framework of choice.[^1]
3. Have a basic understanding of the attacks.
You'll find security to be a far less daunting challenge when you chip away at the "unknown-unknowns."
Even if they just become "known-unknowns," you'll then know where to focus your attention and be better able to ask the right questions.
Why should we treat security like it's something we can google our way through in an afternoon? That's why sites and servers are compromised in record numbers every week.