Security Tip: Security Headers are Layers of Defence
[Tip#46] Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are…
May 25 • Stephen Rees-Carter
Laravel Security In Depth → Securing Laravel
Let's talk about all the changes: new name, new domain, and a purple logo...
May 19 • Stephen Rees-Carter
In Depth: What Are Insecure Functions?
[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the…
May 17 • Stephen Rees-Carter
Security Tip: Replace Simple Dependencies
[Tip#45] The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually…
May 9
Security Tip: Avoiding XSS with HtmlString
[Tip#44] Check out that one simple trick... I mean... This is my favourite way to avoid XSS.
May 1 • Stephen Rees-Carter
April 2023
Security Tip: Don't Forget Rate Limiting
[Tip#43] It's essential for limiting bot attacks, and don't forget it on other sensitive routes like authentication...
Apr 23 • Stephen Rees-Carter
In Depth: Mass-Assignment Vulnerabilities
[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...
Apr 15 • Stephen Rees-Carter
Security Tip: Validating Array Inputs
[Tip#42] Validating single values is easy, but what about arrays?
Apr 7
March 2023
Security Tip: Safely Rendering JSON in Blade
[Tip#41] It's quite common to inject JSON into Blade templates - but is it safe?
Mar 30 • Stephen Rees-Carter
In Depth: Securing Randomness Without Breaking Things
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
Mar 22
Security Tip: Retrieving Request Values
[Tip#40] Let's complete the set of request input helpers and their security implications
Mar 16
Security Tip: Casing Request Values
[Tip#39] Not a new feature, but definitely worth knowing about.
Mar 6 • Stephen Rees-Carter