What are the thing that I should take note when developing a web system?

Adam sounds like a fun project. I'm not an expert but I did find some information here that may be helpful. Best of Luck! https://www.itprotoday.com/windows-78/16-steps-building-secure-web-server

You should have different levels of security. for example, if submitting a form, the first line of security is the html, then javascript form validation . Thirdly, you need another level of security with php form validation which will strip the information of any malicious code. Lastly, your database should have it’s own form of defence.

There are many things to keep in mind when programming a secure website. You should work closely with the administrator, otherwise it won't work. I've already seen many websites that advertise with high security, but have no clue what they are doing. It gets sad when you look into the source code of the website and directly find a potential vulnerability. For example, if you program a login, make sure that only the current browser connection can log in and not some dubious website. Cookies must be deleted in time! This is extremely important. The best thing to do is to ask the administrator if he can help you. If he doesn't, you slap him in the face. Tell him that you want the most secure website in the world. Mean it too and stay serious. The administrator is responsible for the encryption. I'll say that your website is accessible via HTTPS. Tell him to redirect all insecure HTTP requests through a 301 redirect to the secure website. Tell him to stop all insecure connections.

If you are using libraries or frameworks, you are probably more at risk than programming everything yourself. Make sure at all times that the libraries or frameworks are loaded from a secure resource. Same with Javascript. Always check if the file is exactly what it claims to be. If not, you block the process to protect the user. All critical processes are logged and stored with a time stamp in the database. Example: "The user John tried to log in at 2019-04-24 13:37, but failed fatally because the password was not correct". If you have any further questions, please feel free to ask them. I'm happy to help. If you want, I can take 2 to 5 minutes after the completion of your project to roughly estimate the security.

by administrator do you mean the server provider? I'm doing the system all by myself is there any benefit of using a framework other than source code management? if I can implement my own security measure and use my own mvc concept does that make my system more secure than using present mvc? Thank you for that offer, I will contact you once the system is done.