Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I hack stuff on stage for fun. 😈
Security Tips
Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To solve this, Laravel 11 supports per-second!
Security Tips
[Tip #77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there too!
Security Tips
[Tip #76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and changing bcrypt rounds.
In Depth
[In Depth #25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how Laravel 11 handles it...
Security Tips
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on the controller - here's how you get it back.
Security Tips
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Security Tips
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware of too!
In Depth
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Security Tips
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form, it can provide attackers with crucial intel!
Security Tips
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too!
Security Tips
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I Been Pwned's Troy Hunt...
Newsletter
[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your environment and sometimes even contain customer data...