Biruk Aregu
Back to Blog

Building a Secure and Modern Portfolio with Next.js

February 10, 20258 min read
Web DevelopmentNext.jsSecurityReact

Project Goals

When building my personal portfolio, I didn't just want a static showcase; I wanted a platform that demonstrated my technical skills in action. The goal was to create a fast, accessible, and secure application using the latest web technologies.

Tech Stack Selection

I chose a modern stack to ensure performance and scalability:

  • Next.js 14 (App Router): For server-side rendering, improved SEO, and robust routing.
  • TypeScript: To ensure type safety and reduce runtime errors across the codebase.
  • Tailwind CSS: For rapid, utility-first styling and responsive design.
  • Framer Motion: To add smooth, professional animations without sacrificing performance.
  • Supabase: As a secure backend for form submissions and potential future features.

Security-First Development

Even for a portfolio site, security is paramount. I implemented several key practices:

1. Input Validation & Sanitization

All user inputs, particularly in the contact form, are validated using Zod schemas. This prevents malformed data from being processed and protects against basic injection attacks.

2. Secure Headers

I configured HTTP security headers to protect against common vulnerabilities:

  • Content Security Policy (CSP): Restricts the sources from which content can be loaded.
  • X-Frame-Options: Prevents clickjacking attacks.
  • X-Content-Type-Options: Prevents MIME type sniffing.

3. Dependency Management

I regularly audit dependencies using npm audit to identify and patch known vulnerabilities in third-party libraries.

Performance Optimization

A slow site is a security risk (availability) and a bad user experience. I optimized performance by:

  • Image Optimization: Using the Next.js <Image> component for automatic resizing and format conversion (WebP).
  • Code Splitting: Leveraging Next.js automatic code splitting to load only the JavaScript needed for the current page.
  • Static Generation: Statically generating blog posts and case studies for instant page loads.

Accessibility (a11y)

Security and accessibility go hand in hand—a robust site must be usable by everyone. I ensured:

  • Semantic HTML structure (headings, landmarks).
  • Proper ARIA labels for interactive elements like the mobile menu and modals.
  • Keyboard navigation support for all interactive components.
  • Sufficient color contrast ratios for readability.

Conclusion

Building this portfolio was an exercise in applying full-stack development principles to a personal project. It serves not only as a resume but as a live demonstration of my commitment to writing clean, secure, and performant code.