Matti Dev

FullStack Programmer

I'm a FullStack Programmer focused on Enterprise Applications and Cloud Infrastructure.

Writing

XSS Attack

Cross-Site Scripting (XSS) is one of the most common web vulnerabilities, in which an attacker injects malicious scripts into trusted websites. These scripts execute in the victim's browser, allowing attackers to steal session cookies, redirect users, or manipulate page content. This vulnerability occurs when applications include untrusted data without proper validation or encoding.

IDOR Attack

Insecure Direct Object Reference (IDOR) is a web vulnerability that happens when an application provides access to objects based on user input. Attackers use IDOR vulnerabilities to obtain unauthorized access to sensitive data or resources by changing object references. Unlike classic access control vulnerabilities, in which an attacker impersonates another user, IDOR attacks involve changing direct references to objects, such as files, database entries, or URLs, to circumvent authorization checks.

CSRF Attack

Cross-Site Request Forgery (CSRF) attacks exploit the authenticated sessions of users to perform unintended actions. By tricking authenticated users into executing malicious requests, attackers can, for example, initiate fund transfers, change account settings, or perform actions without the user's consent.

Projects

Chat AI with Next.js & Hono.js

FullStack project integrating a backend built with Bun.js + Hono.js. This backend exposes an endpoint for communication with ChatGPT and Claude.

Next.js, Server Actions, Hono.js, Bun.js, TypeScript

Dashboard React + GraphQL + Express

Dashboard template with React and GraphQL

React.js, TypeScript, MongoDB, GraphQL, Express.js

Presskit

Professional DJ blog with Strapi CMS for independent content management

Next.js, Shadcn, Resend, Vercel

Nigiri Bot

Intelligent bot developed with LangChain for natural language processing. Backend built with Express and MongoDB for data management, with interactive React interface.

React, Express, TypeScript, LangChain, MongoDB

Experience

Vape Shop Ecommerce Fullstack

Complete ecommerce with Mercado Pago payment gateway integration, WhatsApp, and email service. The platform was built with Next.js 16, Drizzle for database communication, PostgreSQL and Neon. Features private routes with admin dashboard, Strapi server for content management, server actions, proxy, and authentication with Better-Auth.

Next.js, Drizzle ORM, Neon, PostgreSQL, Vercel, Strapi

Codefend Frontend Developer

Led the migration of the company's main application. The original application was built with Solid.js. I was tasked with converting all components to React with TypeScript.

React, TypeScript, Solid.js

Scientifica FullStack Developer

Implementation of Landing Page for the company. The site is hosted on S3 with CloudFront distribution. Route 53 was used for domain management and SSL with AWS Certificate Manager. The backend consists of a Lambda function exposed through API Gateway to process forms. Data is stored in DynamoDB.

AWS S3, CloudFront, Lambda, API Gateway, DynamoDB, Route 53