In Depth
In Depth: Insecure Direct Object References (IDOR)
[InDepth#11] Also known as hide-and-seek, and security through obscurity!
Stephen Rees-Carter
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I hack stuff on stage for fun. 😈
Security Tips
Security Tip: Leaking Model Existence
[Tip#27] Observing the existence of something you can't access still tells you something important, even if you can't access it.
In Depth
In Depth: Magic Emails
[InDepth#10] One time codes, magic links, and more...
Security Tips
Security Tip: Watch Out for Type Juggling
[Tip#26] Type Juggling is still very much a problem.
Security Tips
Security Tip: Login Logging
[Tip#25] Try saying that fast 3 times...
Security Tips
Security Tip: Use Route Groups!
[Tip#24] It may sound trivial, but it's easy to overlook.
Security Tips
Security Tip: Scoping Bindings
[Tip#23] Because who doesn't love to scope their bindings?
In Depth
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
Security Tips
Security Tip: Validating HTML & Markdown Input!
[Tip#22] Validating user input is easy to forget without adding HTML or Markdown into the mix!
Security Tips
Security Tip: Non-production Mail Sending
[Tip#21] It may seem strange but non-production mail can be a security risk.
Security Tips
Security Tip: Be Careful of Auth Helpers!
[Tip#20] Laravel's helpers are great, but make sure you know everything they do before you use them.
In Depth
In Depth: Policy Objects
[InDepth#8] Policy Objects are incredibly powerful. Use them.