Know the common attack vectors:
SQL Injection: Malicious SQL in user input. Fix: parameterized queries.
XSS (Cross-Site Scripting): Malicious scripts injected into pages. Fix: escape output, CSP headers.
CSRF (Cross-Site Request Forgery): Unauthorized actions via authenticated sessions. Fix: CSRF tokens.
Broken Authentication: Weak passwords, session fixation. Fix: strong password policies, secure session handling.
You don't need extensive security expertise, but showing awareness impresses interviewers.
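The first three fixes in the list above, as an added example (not part of the original page) using only the Python standard library. The function names, the in-memory SQLite table and the dict standing in for a server-side session are assumptions made for illustration.

```python
import hmac
import html
import secrets
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_unsafe(db, name):
    # Weak form: the input is spliced into the SQL text and parsed as SQL.
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return db.execute(query).fetchall()

def find_user(db, name):
    # Fix: parameterized query. The driver binds the value as data only.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def render_comment(text):
    # Fix for XSS in an HTML body context: escape on output.
    # (A CSP header is a second layer, set in the HTTP response.)
    return "<p>" + html.escape(text) + "</p>"

def issue_csrf_token(session):
    # One unpredictable token per session, embedded in each form.
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def csrf_ok(session, submitted):
    # Reject when either side is missing; compare in constant time.
    expected = session.get("csrf")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", find_user_unsafe(db, crafted))
    print("parameterized:", find_user(db, crafted))
    print(render_comment("<script>alert(1)</script>"))
    session = {}
    token = issue_csrf_token(session)
    print("csrf match:", csrf_ok(session, token), "mismatch:", csrf_ok(session, "wrong"))
```

With the same input, the concatenated query returns every row while the parameterized one returns none, which is the difference worth being able to explain in an interview.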