Archive - Securing Laravel

New

Top

Discussion

Security Tip: Escape Output with e(), htmlspecialchars(), & htmlentities()!

[Tip#64] Do you know the difference between `e()`, `htmlspecialchars()`, & `htmlentities()`? Can we just use `e()` for everything?

Dec 4 •

Stephen Rees-Carter

November 2023

Security Tip: Is `strip_tags()` Secure?

[Tip#63] PHP includes a some really handy security-focused functions, but you need to know how to use them correctly, or you risk leaving a significant…

Nov 26 •

Stephen Rees-Carter

In Depth: Securing Apps on Forge

[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.

Nov 21 •

Stephen Rees-Carter

Security Tip: Protect Your .env File

[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.

Nov 12 •

Stephen Rees-Carter

Security Tip: Don't Log Sensitive Data

[Tip#61] While it's tempting to throw everything into logs, keep in mind where your logs end up → plain text files, 3rd party collectors, passed around…

Nov 3 •

Stephen Rees-Carter

October 2023

Security Tip: Hide Sensitive Parameters from Stack Traces

[Tip#60] Stack traces are essential for debugging complex (and even simple) issues, but there is a risk that something sensitive might be exposed within…

Oct 25 •

Stephen Rees-Carter

Security Tip: Disable Debug Mode on World-accessible Apps

[Tip#59] It may seem obvious, you'd be surprised just how often I come across websites where debug mode is enabled!

Oct 17 •

Stephen Rees-Carter

In Depth: Adding Rehashing to Laravel

[InDepth#20] It turns out Laravel was missing an important piece of it's Authentication system: password rehashing! Let's add that in and learn how the…

Oct 9 •

Stephen Rees-Carter

Security Tip: Increase Your bcrypt Rounds

[Tip#58] It's time to upgrade your bcrypt rounds to 12 (or higher)!

Oct 1 •

Stephen Rees-Carter

September 2023

Security Tip: Watch Out for Command Injection

[Tip#57] You've heard about SQL Injection and Cross-Site Scripting but what about another big injection avenue: Command Injection? It's less common but…

Sep 23 •

Stephen Rees-Carter

Security Tip: Compare keys with hash_equals()

[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a…

Sep 17 •

Stephen Rees-Carter

2 years of Securing Laravel / Laravel Security In Depth!

Thank you for subscribing and supporting Securing Laravel these past 2 years!

Sep 7 •

Stephen Rees-Carter

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts