Securing Laravel

Home
Practical Laravel Security
Laravel Security Audits
In Depths
Tips
Audits Top 10
OWASP Top 10
Archive
Leaderboard
About
Security Tip: Escape Output with e(), htmlspecialchars(), & htmlentities()!
[Tip#64] Do you know the difference between `e()`, `htmlspecialchars()`, & `htmlentities()`? Can we just use `e()` for everything?
 • 
Stephen Rees-Carter
Security Tip: Is `strip_tags()` Secure?
[Tip#63] PHP includes a some really handy security-focused functions, but you need to know how to use them correctly, or you risk leaving a significant…
 • 
Stephen Rees-Carter
In Depth: Securing Apps on Forge
[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
 • 
Stephen Rees-Carter
3
Most Popular
View all
Laravel Security: File Upload Vulnerability
 • Stephen Rees-Carter
5
In Depth: Adding Rehashing to Laravel
 • Stephen Rees-Carter
Security Tip: Increase Your bcrypt Rounds
 • Stephen Rees-Carter
1
In Depth: Content Security Policy
 • Stephen Rees-Carter
Security Tip: Protect Your .env File
 • Stephen Rees-Carter
New
Top
Community
Security Tip: Protect Your .env File
[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.
 • 
Stephen Rees-Carter
Security Tip: Don't Log Sensitive Data
[Tip#61] While it's tempting to throw everything into logs, keep in mind where your logs end up → plain text files, 3rd party collectors, passed around…
 • 
Stephen Rees-Carter
Security Tip: Hide Sensitive Parameters from Stack Traces
[Tip#60] Stack traces are essential for debugging complex (and even simple) issues, but there is a risk that something sensitive might be exposed within…
 • 
Stephen Rees-Carter
Security Tip: Disable Debug Mode on World-accessible Apps
[Tip#59] It may seem obvious, you'd be surprised just how often I come across websites where debug mode is enabled!
 • 
Stephen Rees-Carter
6
In Depth: Adding Rehashing to Laravel
[InDepth#20] It turns out Laravel was missing an important piece of it's Authentication system: password rehashing! Let's add that in and learn how the…
 • 
Stephen Rees-Carter
Security Tip: Increase Your bcrypt Rounds
[Tip#58] It's time to upgrade your bcrypt rounds to 12 (or higher)!
 • 
Stephen Rees-Carter
1
Security Tip: Watch Out for Command Injection
[Tip#57] You've heard about SQL Injection and Cross-Site Scripting but what about another big injection avenue: Command Injection? It's less common but…
 • 
Stephen Rees-Carter
Security Tip: Compare keys with hash_equals()
[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a…
 • 
Stephen Rees-Carter
3
2 years of Securing Laravel / Laravel Security In Depth!
Thank you for subscribing and supporting Securing Laravel these past 2 years!
 • 
Stephen Rees-Carter
Securing Laravel
Securing Laravel
The essential security resource for Laravel devs, covering everything you need to keep your apps secure. Sign up to receive weekly security tips and monthly in depth articles, diving deep into security concepts you need to know!
Recommendations
View all 8
Platformer
Platformer
Casey Newton
Risky Business News
Risky Business News
Patrick Gray
Laravel Corner
Laravel Corner
Bilal Haidar
Seriously Risky Business
Seriously Risky Business
Tom Uren
Laravel News Substack
Laravel News Substack
Laravel News
Resources
Laravel Documentation
Laravel Releases & Security Notices
Stephen's Talks & Workshops
Stephen's Talks (YouTube)
Stephen's Twitter
Stephen's Mastodon
Practical Laravel Security
Laravel Security Audits and Penetration Tests
Stephen's Bluesky

Securing Laravel

AboutArchiveRecommendationsSitemap
© 2023 Stephen Rees-Carter
PrivacyTermsCollection notice
Start WritingGet the app
Substack is the home for great writing