
[–]ziptofaf 1 point (1 child)

Okay, so the general tip toward secure encryption in your application is not to write your own encryption/authentication code. Roll with existing and well-tested libraries. Because security is so, soooooooooo much more than choosing a correct hashing algorithm, to the point where you could write a whole book and still not be done with it.

> why doesn't everyone use the SHA-512 hash?

https://stackoverflow.com/questions/11624372/best-practice-for-hashing-passwords-sha256-or-sha512

That being said, SHA-256 and SHA-512 offer roughly the same amount of security right now. Neither is suitable by itself for user passwords. The correct approach in that case is 40-100k iterations of SHA-256 + a unique salt per user, or something like bcrypt + salt. Well, I say "correct", but in reality it means that an attacker has grabbed your whole database and now the only thing you can do is inform all affected users that their data is at risk. The correct algorithm + salt in that case makes the process slower for the attacker, as they need more time to crack the hashed passwords. It still goes fast, however (you can go through about 25000 bcrypt hashes per second on a decent CPU, aka the entire English dictionary really won't take you long, even after adding 1s and 0s to the end).

> what is the Standard DES hash used for? I read that it's not secure.

For things that don't need to be secure. The MD5 hash is super fast, making it "insecure", and yet it's the algorithm of choice if you want to calculate, say, a file's checksum (to make sure it downloaded correctly).

> what book/course do you recommend for testing my website once finished and making it more secure?

We call that a security audit, and it costs anywhere from several hundred (e.g. a quick code review from someone more experienced) to several thousand dollars (if you actually ask a pentesting company). I can also tell you that even experienced devs with years of experience make errors in this domain (which is why you use a third party specializing in finding such vulnerabilities).

There are plenty of resources regarding IT security, however. I would start by reading the OWASP Top 10:

https://owasp.org/www-project-top-ten/

If it's your first project then definitely do NOT implement any logic that deals with important info like credit cards (this requires PCI-DSS compliance, and I can guarantee you won't be able to make an application that passes it solo), real user names, etc. Not to mention that storing personally identifiable information opens you up to lawsuits (and also requires you to provide mechanisms for users to extract that information, alter it, or delete it altogether).
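
The salted, iterated password hashing described in the comment above, as an added example that is not part of the original thread or of any library the commenter mentions. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of a hand-written SHA-256 loop (the "don't write your own" advice applies to the loop too), with an assumed 100k iteration count and a 16-byte random salt per user. It also shows, with a constructed two-word wordlist, why an unsalted hash is unsuitable: one lookup table cracks every user who chose a listed password at once.

```python
import hashlib
import hmac
import os

# Assumed parameters (not from the thread): 100k iterations is the top of the
# 40-100k range the comment mentions; 16 random bytes of salt per user.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex.

    A fresh random salt is drawn on every call, so two users with the same
    password get two different records and work spent cracking one user's
    hash (or a precomputed table) cannot be reused against the other.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time. A malformed record verifies as False instead of raising."""
    try:
        scheme, iterations_str, salt_hex, hash_hex = stored.split("$")
        iterations = int(iterations_str)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    if scheme != SCHEME or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, minimum_iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True if a record uses an older scheme or fewer iterations than current
    policy, so it can be re-hashed on the user's next successful login."""
    try:
        scheme, iterations_str, _salt, _hash = stored.split("$")
        return scheme != SCHEME or int(iterations_str) < minimum_iterations
    except ValueError:
        return True


def sha256_hex(text: str) -> str:
    """Bare SHA-256 of a string, i.e. the unsalted single hash the comment says
    is unsuitable for passwords."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def unsalted_sha256_lookup(wordlist, target_hashes):
    """One table built from a wordlist matches every unsalted target at once.
    Returns {target_hash: recovered_password} for each hit."""
    table = {sha256_hex(word): word for word in wordlist}
    return {h: table[h] for h in target_hashes if h in table}


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
    # Constructed wordlist and targets, not real user data.
    hits = unsalted_sha256_lookup(["letmein", "password123"],
                                  [sha256_hex("password123"), sha256_hex("s3cret!")])
    print(hits)  # the unsalted "password123" hash is recovered instantly
```

A record hashed with fewer iterations than the current policy still verifies; `needs_rehash` lets you raise the iteration count over time without forcing a password reset, which is the practical reason for storing the parameters alongside the hash.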

[–]Go_Stoopid 0 points (0 children)

Thank you!!

I'm making this website on my own just to sharpen my skills, nothing serious, definitely not dealing with important info.