Every Dev considers his Application as "safe" until he get's proven wrong.
Look up at the OWASP Top10 and tell me what you can check as "done" in your current project state:
-Broken Access Control
-Vulnerable and Outdated Components
-Identification and Authentication Failures
-Software and Data Integrity Failures
-Security Logging and Monitoring Failures
-Server-Side Request Forgery
If you want to test your "secure coding skills", there's currently an tournament about exactly that:
SCW is reviewing your written Code automaticly against the (listed above) vulnerabilities, rates your overall score and shows where and how you can improve your skills.
C# / MVC