IAMUVIN

Blog

Technical writing on Web3, AI, and building things. Written by Uvin Vindula.

130 articles · 4 in Cybersecurity & Ethical Hacking

Cybersecurity & Ethical Hacking · 11 min

API Security in Next.js: Common Vulnerabilities and How to Fix Them

A practical breakdown of the API security vulnerabilities I find most often in Next.js applications — missing authentication on route handlers, IDOR flaws, unsanitized query parameters, absent rate limiting, and more. Each vulnerability comes with vulnerable code I have actually seen in production, followed by the exact fix. If you are shipping API routes in Next.js, this is the checklist that keeps your endpoints from becoming someone else's attack surface.

Uvin Vindula · November 17, 2025
Cybersecurity & Ethical Hacking · 12 min

Web Application Penetration Testing: My Methodology

A complete walkthrough of the four-phase methodology I use for web application penetration testing — from initial reconnaissance through final reporting. Covers the tools, techniques, and structured approach that turns a security assessment into actionable findings. Every engagement starts with written authorization and ends with a report that gets vulnerabilities fixed, not filed away.

Uvin Vindula · July 14, 2025
Cybersecurity & Ethical Hacking · 11 min

Security Headers in Next.js: The Complete Implementation Guide

A production-ready guide to implementing every critical security header in Next.js. Covers Content-Security-Policy with nonces for inline scripts, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy. Includes exact next.config.ts and middleware configurations from my production sites, CSP nonce generation, testing strategies, and the complete header config I deploy on every project.

Uvin Vindula · May 19, 2025
Cybersecurity & Ethical Hacking · 13 min

OWASP Top 10 for Next.js Developers: Practical Security Guide

A hands-on guide to defending Next.js applications against the OWASP Top 10 vulnerabilities. Each risk includes vulnerable code, the fixed version, and Next.js-specific middleware configurations. Covers security headers (CSP, HSTS, X-Frame-Options), server action validation, route handler auth guards, and production-ready patterns I use on every project and security audit.

Uvin Vindula · March 10, 2025