The Watchtower
Field notes from the walls.
Security, SEO & AEO guides for developers who ship with AI — and want to ship safe.
Next.js · Mar 13, 2026 · 20 min
Next.js Security Best Practices: 10 Things Most Developers Miss
Next.js is secure by default — until you reach for client components, route handlers, and middleware. Here are ten places the framework's footguns hide, with the correct patterns.
Next.js · Mar 3, 2026 · 17 min
How to Secure Your Next.js + Supabase App: A Complete Security Checklist
The Next.js + Supabase stack is fast to ship and easy to leak. This end-to-end checklist covers RLS, the anon vs service key, auth, headers, and the bundle — with real code.