In Depth
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I hack stuff on stage for fun. 😈
Security Tips
[Tip#22] Validating user input is easy to forget without adding HTML or Markdown into the mix!
Security Tips
[Tip#21] It may seem strange but non-production mail can be a security risk.
Security Tips
[Tip#20] Laravel's helpers are great, but make sure you know everything they do before you use them.
In Depth
[InDepth#8] Policy Objects are incredibly powerful. Use them.
Security Tips
[Tip#19] Because all randomness should be cryptographically secure.
Security Tips
[Tip#18] Dependencies are security risks, especially if you have a lot of them or don't keep them updated...
Newsletter
[InDepth#7] CSPs are an incredibly powerful security feature built into the browser.
Security Tips
[Tip#17] It's easy to forget to update the admins list when it changes...
Security Tips
[Tip#16] Ever clicked a link that looked legitimate, but took you somewhere unexpected?
In Depth
[InDepth#6] You can use response timing to infer important information.
Security Tips
[Tip#15] Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without telling you! 😱