
What is a Timing Attack? Side Channels, Examples, and Safer Comparisons
Articles
Security in web development is not a separate phase you tack on at the end. It shows up in authentication, request boundaries, browser policy, dependency choices, and the defaults we ship. A lot of front‑end security work is really about removing avoidable trust mistakes before they become production incidents.
Below you will find a subset of articles from my blog specifically about Security. Although this is a topic I've been working with for many years, it's fair to say that I've not written about it often. I've only managed to publish five articles about it, which you can see and read below.

Timing attacks explained for web developers, including side channels, string comparisons, real examples, and practical defences in JavaScript.

Plan Content Security Policy in Next.js with static pages, nonces, third‑party scripts, headers, frames, previews, and incremental deployment safely.

A practical guide to implementing authentication in Next.js with NextAuth.js, including sessions, callbacks, route protection, and router‑specific trade‑offs.

Avoid protocol‑relative URLs on modern sites, with reasons around HTTPS, security, performance, browser expectations, and clearer absolute resource loading.

fetch Blocked? CORS explained for JavaScript fetch errors, including same‑origin policy, server opt‑in, preflight requests, credentials, and what front‑end code can fix.