Security Tip: Escape Output with e(), htmlspecialchars(), & htmlentities()!
[Tip#64] Do you know the difference between `e()`, `htmlspecialchars()`, & `htmlentities()`? Can we just use `e()` for everything?
Dec 4 • Stephen Rees-Carter
November 2023
Security Tip: Is `strip_tags()` Secure?
[Tip#63] PHP includes some really handy security-focused functions, but you need to know how to use them correctly, or you risk leaving a significant…
Nov 26 • Stephen Rees-Carter
In Depth: Securing Apps on Forge
[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
Nov 21 • Stephen Rees-Carter
Security Tip: Protect Your .env File
[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.
Nov 12 • Stephen Rees-Carter
Security Tip: Don't Log Sensitive Data
[Tip#61] While it's tempting to throw everything into logs, keep in mind where your logs end up → plain text files, 3rd party collectors, passed around…
Nov 3 • Stephen Rees-Carter
October 2023
Security Tip: Hide Sensitive Parameters from Stack Traces
[Tip#60] Stack traces are essential for debugging complex (and even simple) issues, but there is a risk that something sensitive might be exposed within…
Oct 25 • Stephen Rees-Carter
Security Tip: Disable Debug Mode on World-accessible Apps
[Tip#59] It may seem obvious, but you'd be surprised just how often I come across websites where debug mode is enabled!
Oct 17 • Stephen Rees-Carter
In Depth: Adding Rehashing to Laravel
[InDepth#20] It turns out Laravel was missing an important piece of its Authentication system: password rehashing! Let's add that in and learn how the…
Oct 9 • Stephen Rees-Carter
Security Tip: Increase Your bcrypt Rounds
[Tip#58] It's time to upgrade your bcrypt rounds to 12 (or higher)!
Oct 1 • Stephen Rees-Carter
September 2023
Security Tip: Watch Out for Command Injection
[Tip#57] You've heard about SQL Injection and Cross-Site Scripting, but what about another big injection avenue: Command Injection? It's less common but…
Sep 23 • Stephen Rees-Carter
Security Tip: Compare keys with hash_equals()
[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a…
Sep 17 • Stephen Rees-Carter
2 years of Securing Laravel / Laravel Security In Depth!
Thank you for subscribing and supporting Securing Laravel these past 2 years!
Sep 7 • Stephen Rees-Carter