David Mytton articles - 26 total
Bot detection techniques for developers
tl;dr: Bot traffic now dominates the web, and AI scrapers are making it worse. Blocking by user...
Low latency global routing with AWS Global Accelerator
Arcjet performs real-time security analysis in the critical path of API and authentication flows....
Next.js middleware bypasses: How to tell if you were affected?
At Arcjet, we found the recent Next.js middleware bypass vulnerabilities (CVE-2025-29927 &...
Secure local Node.js dev servers with OrbStack
At Arcjet, we use OrbStack to manage our local development environment. We run various containers...
Does Next.js need a WAF?
The fact that the developers of Next.js at Vercel enable their Web Application Firewall by default...
Test security rules without breaking production: Arcjet's DRY_RUN mode
Picture this: it’s well into the evening in the office, and you sit at your computer, moments away...
Building a minimalist web server using the Go standard library + Tailwind CSS
Dependencies pose a significant maintenance burden on software projects. Every package introduces...
Remix Security Checklist
Remix has been growing in popularity as a more lightweight framework that closely follows web...
Bot spoofing and how to detect it with Arcjet
The User-Agent header is the name badge for web requests. Although it'sbeen deprecated by some...
The Wasm Component Model and idiomatic codegen
Arcjet bundles WebAssembly with our security as code SDK. This helps developers implement common...
Nosecone: a library for setting security headers in Next.js, SvelteKit, Node.js, Bun, and Deno
We’re excited to announce Nosecone, an open-source library designed to make setting security...
Multi-framework docs with Astro Starlight
Arcjet helps developers protect their apps against common attacks from bots, API abuse, form spam,...
Announcing the Arcjet NestJS & Remix adapters
Arcjet helps developers protect their apps by making it easy to drop in critical security...
Next.js server action security
Server actions were introduced in Next.js 13 and marked stable in Next.js 14 as a new way to...
Rethinking our REST API: Building the Golden API
At some point, every company reaches a crossroads where they need to stop and reassess the tools...
Building an email address parser in Rust with nom
There is no such thing as 100% security, which is why the philosophy of defense in depth requires...
Hacking (and securing) GraphQL
GraphQL is an API query language and server-side runtime that allows clients to request the exact...
How we achieve our 25ms p95 response time SLA
Arcjet brings security closer to your application by analyzing requests within the context of your...
Security Concepts for Developers: Race Condition Attacks
The Silk Road, a “darknet” black market, was the platform of choice for drug dealers and vendors of...
New SDK release for Next.js 15
Today we’re releasing a new version of the Arcjet security SDK for Next.js with performance...
Podcast: Security is moving to the frontend?!
A few weeks ago I was on the Yet Another Infra Deep Dive podcast with Snyk advisor, Ian Livingstone,...
Protecting self-hosted Coolify apps with Tailscale
Coolify is a self-hosting platform designed to simplify the deployment and management of...
Next.js security checklist
Next.js benefits from the security protections that come with React. These are mainly related to...
Structured logging for Next.js
Next.js is a powerful framework for building modern web applications, but it doesn't ship with a...
Storing secrets in env vars considered harmful
The classic twelve-factor app has config in environment variables as a core component: Apps...
Don't just code, defend: secure container deployments for developers
Writing code is not enough - you’ve also got to deploy it! This means considering all the security...