
Privacy by Design is Not a Cookie Banner
Privacy by design means building safer data handling into platforms, analytics, CRM integrations, and workflows from the start, not relying on banners later.
Articles
Security in web development is not a separate phase you tack on at the end. It shows up in authentication, request boundaries, browser policy, dependency choices, and the defaults we ship. A lot of front‑end security work is really about removing avoidable trust mistakes before they become production incidents.
Below you will find a subset of articles from my blog specifically about Security. This is an area I have worked with for many years, and it has been a regular subject in my writing. There are nine articles collected together for you below.

Privacy by design means building safer data handling into platforms, analytics, CRM integrations, and workflows from the start, not relying on banners later.

Timing attacks explained for web developers, including side channels, string comparisons, real examples, and practical defences in JavaScript.

Plan Content Security Policy in Next.js with static pages, nonces, third‑party scripts, headers, frames, previews, and incremental deployment safely.

Responsible AI becomes real only when decision ownership, data handling, audit trails, exceptions, procurement, and support are assigned to people.

How to debug NextAuth when it works locally but fails in production, covering callback URLs, cookies, secrets, middleware, providers, and Vercel.

A candid look at the OWASP Top Ten for web engineers, covering the 2021 risks, front‑end boundaries, platform decisions, and practical next steps.

A practical guide to implementing authentication in Next.js with NextAuth.js, including sessions, callbacks, route protection, and router‑specific trade‑offs.

Avoid protocol‑relative URLs on modern sites, with reasons around HTTPS, security, performance, browser expectations, and clearer absolute resource loading.

fetch Blocked?CORS explained for JavaScript fetch errors, including same‑origin policy, server opt‑in, preflight requests, credentials, and what front‑end code can fix.