Securing Laravel

Home
Notes
Practical Laravel Security
Laravel Security Audits
In Depths
Tips
Audits Top 10
OWASP Top 10
Archive
Leaderboard
About
Security Tip: Watch Out for Command Injection
[Tip#57] You've heard about SQL Injection and Cross-Site Scripting but what about another big injection avenue: Command Injection? It's less common but…
 • 
Stephen Rees-Carter
Security Tip: Compare keys with hash_equals()
[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a…
 • 
Stephen Rees-Carter
3
2 years of Securing Laravel / Laravel Security In Depth!
Thank you for subscribing and supporting Securing Laravel these past 2 years!
 • 
Stephen Rees-Carter
Most Popular
View all
Laravel Security: File Upload Vulnerability
 • Stephen Rees-Carter
5
In Depth: Content Security Policy
 • Stephen Rees-Carter
In Depth: Signed URLs
 • Stephen Rees-Carter
1
Security Tip: Restricting Local File Access
 • Stephen Rees-Carter
5
Security Tip: Custom Encryption Key
 • Stephen Rees-Carter
New
Top
Community
In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)
[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!
 • 
Stephen Rees-Carter
2
Security Tip: Avoiding Filename Collisions
[Tip#55] Let's look at my old buddy time(), who always has something for me during my audits. This time it's helping avoid filename collisions?
Security Tip: Hijacking Domains, the Easy Way?
[Tip#54] Don't leave domains (or subdomains) pointing at servers or nameservers you don't control, or you might get a copy of the email I just received…
 • 
Stephen Rees-Carter
7
Security Tip: Bypassing CSRF Protection with File Uploads
[Tip#53] Accepting File Uploads from your users is always a risky proposal, but have you considered just how easily uploaded files can be used to bypass…
 • 
Stephen Rees-Carter
In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 1)
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind…
 • 
Stephen Rees-Carter
Security Tip: HTML autocomplete Attribute
[Tip#52] HTML has a lot of hidden gems, and the `autocomplete` attribute is no exception. Lets take a look at how it helps your password fields and…
 • 
Stephen Rees-Carter
2
Security Tip: Validate Your Webhooks!
[Tip#51] Just because something isn't intended for users doesn't means someone won't find it, and if they know how to use it, you'd better have some…
 • 
Stephen Rees-Carter
Security Tip: Watch out for Resource Authorisation
[Tip#50] Watch out when you mix Resource Controllers and Authorisation with custom Controller Actions and custom routes... you may find you're lacking…
 • 
Stephen Rees-Carter
OpenLampTech - Developer Interview with Stephen Rees-Carter
Security consultant and penetration tester Stephen Rees-Carter shares insights on the Securing Laravel newsletter and more.
Published on OpenLampTech • 
Securing Laravel
Securing Laravel
The essential security resource for Laravel devs, covering everything you need to keep your apps secure. Sign up to receive weekly security tips and monthly in depth articles, diving deep into security concepts you need to know!
Recommendations
View all 8
OpenLampTech
OpenLampTech
Joshua Otwell
Platformer
Platformer
Casey Newton
Risky Business News
Risky Business News
Patrick Gray
Laravel News Substack
Laravel News Substack
Laravel News
Seriously Risky Business
Seriously Risky Business
Tom Uren
Resources
Laravel Documentation
Laravel Releases & Security Notices
Stephen's Talks & Workshops
Stephen's Talks (YouTube)
Stephen's Twitter
Stephen's Mastodon
Practical Laravel Security
Laravel Security Audits and Penetration Tests

Securing Laravel

AboutArchiveRecommendationsSitemap
© 2023 Stephen Rees-Carter
PrivacyTermsCollection notice
Start WritingGet the app
Substack is the home for great writing