Stephen Rees-Carter

Security Tips

Security Tip: Laravel's Password Generator

[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!

In Depth

In Depth: Stealing Password Tokens with Forwarded Host Poisoning

[InDepth#13] User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header!

Security Tips

Security Tip: Encoding/Serialising Data

[Tip#36] Encoding/serialising data can be risky if you're not using the correct functions.

Security Tips

Security Tip: Leaking Data After Changes

[Tip#35] It's easy to make innocent changes to one part of your app and forget to check how that flows into other parts of your app

Newsletter

Laracon EU 25% off discount 😉

Laracon EU has arrived, and I'm speaking tomorrow, which means it's time for another discount. 😉

Security Tips

Security Tip: Encrypting Environment Files?

[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?

In Depth

In Depth: "Password Generator" Security Audit

[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!

Security Tips

Security Tip: Restricting Local File Access

[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?

Security Tips

Security Tip: Multiple Rate Limits

[Tip#32] For times when one rate limit just won't do!

Security Tips

Security Tip: Canary Tokens

[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.

Security Tips

OWASP Tip: A10:2021 – Server-Side Request Forgery (SSRF)

Our final entry in the OWASP Top 10 series - be aware of what your servers can access!

Security Tips

OWASP Tip: A09:2021 – Security Logging and Monitoring Failures

You do have logging enabled, right?