
Security Tips
Security Tip: When Is XSS Not Strictly XSS? (But Still Bad!)
[Tip #121] Technically, XSS involves injecting malicious Javascript, but sometimes you don't need any JS to get up to mischief! π
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.π΅οΈ I hack stuff on stage for fun. π
Security Tips
[Tip #121] Technically, XSS involves injecting malicious Javascript, but sometimes you don't need any JS to get up to mischief! π
Birthday Retrospective
I almost missed it, but it's time to celebrate 4 years of Securing Laravel!
Security Tips
[Tip #120] How should we safely handle resetting forgotten passwords without compromising the protection that MFA provides?
Security Tips
[Tip #119] What happens if your users lose their MFA tokens, and they never saved their recovery codes? Can you safely give them back access to their accounts?
Security Tips
[Tip #118] Account passwords are easy to compromise, so why are you relying on them to verify users within your app? If your users log in with a 2FA Token, then they should be able to prove it before performing other sensitive activities too.
In Depth
[In Depth #37] It's time to finally fulfil one of the most common requests for an In Depth article: setting up 2FA! π So let's add some TOTP 2FA to our boring user/pass auth login!
Security Tips
[Tip #117] It's easy to say "Update <package> if it's installed!", but how do you actually know if a package is installed, since it may not appear in composer.json?! Also, how did it even get there??!! π€¨
Security Notice
[Notice #4] Livewire v3 is vulnerable to an RCE (Remote Command Execution) during component property update hydration in specific scenarios. β οΈ Update your Livewire ASAP! β οΈ
Security Tips
[Tip #116] Is it a "premature optimisation" to add authorisation to your app before you know how your authorisation will be structured?
Security Tips
[Tip #115] Let's take a look at why something as simple and "harmless" as an orWhere can introduce a huge privacy risk to your application, and how you can avoid it!
In Depth
[In Depth #36] It's time to review the Livewire Volt, Vue, and React Starter Kits! Let's see what vulnerabilities are hiding under the surface, and just how easy it is to fix them... π§
Security Tips
[Tip #114] One of my favourite Laravel features, the humble HtmlString, is now available as an Eloquent Cast - which should make it much more accessible! π But there is a catch... π