In Depth
In Depth: Introducing Random
[InDepth#22] Random generates cryptographically secure random values in a range of different formats through a simple helper package for PHP.
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I hack stuff on stage for fun. 😈
In Depth
[InDepth#22] Random generates cryptographically secure random values in a range of different formats through a simple helper package for PHP.
Security Tips
[Tip#66] For those situations where you need to generate a repeatable hash or signature, reach for HMAC, rather than MD5 or SHA1.
Security Tips
[Tip#65] Before you reach for a hashing function, stop and think about what you're hashing and why you're hashing it...
Security Tips
[Tip#64] Do you know the difference between `e()`, `htmlspecialchars()`, & `htmlentities()`? Can we just use `e()` for everything?
Security Tips
[Tip#63] PHP includes a some really handy security-focused functions, but you need to know how to use them correctly, or you risk leaving a significant vulnerability waiting to be exploited! 😱
In Depth
[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
Security Tips
[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.
Security Tips
[Tip#61] While it's tempting to throw everything into logs, keep in mind where your logs end up → plain text files, 3rd party collectors, passed around the development team, etc...
Security Tips
[Tip#60] Stack traces are essential for debugging complex (and even simple) issues, but there is a risk that something sensitive might be exposed within your trace... Let's ensure that doesn't happen!
Security Tips
[Tip#59] It may seem obvious, you'd be surprised just how often I come across websites where debug mode is enabled!
In Depth
[InDepth#20] It turns out Laravel was missing an important piece of it's Authentication system: password rehashing! Let's add that in and learn how the authentication system works in the process.
Security Tips
[Tip#58] It's time to upgrade your bcrypt rounds to 12 (or higher)!