@MWins
Last active January 25, 2017 02:23
web-security

Basic stuff like SSL/TLS. How to set it up and make sure it's working properly.

The types of authentication available. How to secure passwords being sent over the internet. Types of encryption/hashing available and at least know which to use. How to let users reset passwords. Why plaintext passwords are bad.

Understanding cookies and sessions.

Basic permissions on *ix systems.

What steps to take to mitigate XSS/CSRF attacks.

Understand RFI and how to prevent it. This ties into 'user data' below, but as an example: if possible, use your own values over those submitted by users. File selection: the user selects a file and some action is performed on it. It's passed via GET. A mistake would be to use what the user submits directly, which would allow them to traverse the file system and access other files. Instead, match their submission against a list and use the value from the list, else error out.
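As an added example (not part of the gist), here is that allowlist pattern in Python beside the mistake it replaces; the document root and the list of permitted files are assumptions constructed for the demo:

```python
from __future__ import annotations
import posixpath
from pathlib import PurePosixPath

# Constructed sample allowlist: keys are the opaque tokens accepted from the
# query string, values are the real filenames, which the user never controls.
ALLOWED_FILES = {
    "terms": "terms.txt",
    "privacy": "privacy.txt",
    "faq": "faq.txt",
}
DOC_ROOT = PurePosixPath("/srv/app/docs")  # assumed location of served documents


class UnknownFileError(ValueError):
    """Raised when the submitted token is not in the allowlist."""


def resolve_vulnerable(user_value: str) -> PurePosixPath:
    """The mistake described above: the user's value is joined onto the root,
    so '../../../etc/passwd' (or an absolute path) escapes DOC_ROOT."""
    return DOC_ROOT / user_value


def resolve_allowlisted(user_value: str) -> PurePosixPath:
    """Look the token up in ALLOWED_FILES and use *our* filename; anything
    not in the list is rejected rather than interpreted as a path."""
    try:
        filename = ALLOWED_FILES[user_value]
    except KeyError:
        raise UnknownFileError(f"file not permitted: {user_value!r}") from None
    return DOC_ROOT / filename


def is_inside_root(path: PurePosixPath, root: PurePosixPath = DOC_ROOT) -> bool:
    """Defence-in-depth check: after normalising '..' segments, is the path
    still under root? Useful for auditing what resolve_vulnerable produces."""
    normalised = PurePosixPath(posixpath.normpath(str(path)))
    return normalised == root or root in normalised.parents


def handle_request(query: dict) -> tuple[int, str]:
    """Simulated handler for GET ?file=<token>: returns (status, path or error)."""
    token = query.get("file", "")
    try:
        return 200, str(resolve_allowlisted(token))
    except UnknownFileError as exc:
        return 400, str(exc)
```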

Email injection attacks along with SQL injection.

Why you don't trust user submitted data. How to sanitize user submitted data.

When to use GET and POST with security in mind (GET requests can log sensitive information).

Basic understanding of PCI compliance for ecommerce (when it's required, how it restricts implementations, etc.). The number of site owners who think it's OK to retain credit card numbers is appallingly high.

How to prevent directory snooping and how to reduce information leaked by applications (webserver, scripting language, etc.) which can aid attackers.

In some of these cases you have to go beyond understanding them and be able to explain to clients/bosses/etc. why they are bad and the possible repercussions if neglected, which is often harder than just fixing the stuff.

Here are some cheat sheets: https://www.owasp.org/index.php/Cheat_Sheets

And the parent site is a good resource for more security material: https://www.owasp.org/index.php

You're probably thinking some of these aren't the domain of front end developers, and that could be true. But a FE dev should be aware of them at the least.
