You have an idea, you want to make it work on a computer, a phone a tablet. It could make you money. It could expand your business. Whatever the goal, you explain the requirements to a developer, he gives you an estimated cost and schedule. The developer codes it, tests it, debugs it and documents it. You pay him. Then you start again with the enhancements, upgrades and other goodies you now need to stand out from the crowd. This is the theory. Plenty of cases demonstrate much can go wrong.
You need to be aware of some potential risks, some on your side, some on the developer's side. After starting you request one more feature: this is called requirements creep. The developer promises 30 days: this is overly optimistic. The resulting misaligned expections create friction and at worst mistrust. Just as financial investing is not perfect science, so software development requires a good understanding by both parties of the risks and how to mitigate them.
While not as exciting a subject, and often left to last as a final add-on, security is something which needs to be baked-in from the start. Following best practices to avoid the most common issues will go a long way. A professional can help you decide what you really need and what can be farmed out to other providers. Online payments for example, is often best left to services which specialize in this area and who will carry most of the risk.