Security Tips
Security Tip: Donāt Trust User Input!
[Tip#7] Always pass user input through a validator to ensure you only get the data you're expecting.
Stephen Rees-Carter
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.šµļø I hack stuff on stage for fun. š
Security Tips
Security Tip: Disable Dev & Test Commands in Production
[Tip#6] Because sometimes being paranoid is a good thing.
In Depth
In Depth #2: SQL Injection (SQLi)
Let's dive into SQL Injection, learn how it works, and what we can do with it.
Security Tips
Security Tip: The Cookie āSecureā Flag
[Tip#5] Don't forget to configure your cookies for to only work over HTTPS.
Security Tips
Security Tip: Why Parameterised Queries Are Important!
[Tip#4] We're following the theme of reminders for simple features that are easy to overlook with a reminder to use Parameterised Queries!
Security Tips
Security Tip: Store Sensitive Config in .env!
[Tip#3] Laravel's config files are great, but don't forget to put sensitive values (i.e. secrets, passwords, tokens, etc) in your .env file!
Security Tips
Security Tip: Don't Forget About Policy Filters!
[Tip#2] Policy Filters let you implement shared authorisation checks across your entire policy without repeating code in every method.
In Depth
In Depth: Encryption
[InDepth#1] Let's take a look at how Encryption works in Laravel, where it's used, and how you can use it within your applications.
Security Tips
Security Tip: Custom Encryption Keys for Cast Model Attributes
[Tip#1] A simple but quite important tip, how to use a custom encryption key for encrypted casting within Models.
Newsletter
Welcome to Laravel Security in Depth
Each month we'll cover an aspect of Laravel security in depth, with weekly tips to fill in the gaps.