Top 11 Security Mistakes in Next.js 15 to Avoid - Don't Leak User Data!

👉 Arcjet for Rate Limiting + Shield + Email Validation & more: https://launch.arcjet.com/O9o7cIo (paid sponsorship). Disclaimer: this is a sponsored video (paid). It's your responsibility to evaluate safety, accuracy and other relevant parts of the reviewed product. 👉 NEW React & Next.js Course: https://bytegrad.com/courses/professional-react-nextjs Hi, I'm Wesley. I'm a brand ambassador for Kinde (paid sponsorship). 👉 Check out Kinde for auth and more https://bit.ly/3QOe1Bh 👉 NEW React & Next.js Course: https://bytegrad.com/courses/professional-react-nextjs 👉 Professional JavaScript Course: https://bytegrad.com/courses/professional-javascript 👉 Professional CSS Course: https://bytegrad.com/courses/professional-css 👉 Web development roadmap 2024 & 2025: https://email.bytegrad.com 👉 Email newsletter (BIG update soon): https://email.bytegrad.com 👉 Discord: all my courses have a private Discord ⏱️ Timestamps: 00:00 Security in Next.js 01:30 Arcjet 02:16 11 - Insufficient server action protection 06:42 Email validation (Arcjet) 09:01 10 - Insufficient route handler protection 10:13 9 - Insufficient server component (RSC) protection 12:28 8 - SQL injection 13:39 7 - XSS attack 15:25 6 - CSRF attack 16:58 OWASP & Arcjet Shield 18:13 5 - Forgetting authorization 20:39 4 - Insufficient rate limiting 22:13 3 - Insufficient bot protection 23:45 2 - Leaking data in client components 27:28 1 - Leaking data with data fetching #webdevelopment #reactjs #nextjs Note that my videos may contain mistakes. Always verify yourself that your code is safe and does what you want it to do for your specific situation. You agree by watching the videos that you are solely responsible for any mistakes in your code. This channel and all its content is owned & operated by ByteGrad Sp. z o.o. with Tax ID: PL6762676561 . . TOP resource to LEARN AI for Developers - https://datacamp.pxf.io/RGyxrR (paid sponsorship & ByteGrad Sp. z o.o. gets commission)