Security Tips
Security Tip: Encrypting Environment Files?
[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?
Stephen Rees-Carter
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.π΅οΈ I hack stuff on stage for fun. π
In Depth
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Security Tips
Security Tip: Restricting Local File Access
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
Security Tips
Security Tip: Multiple Rate Limits
[Tip#32] For times when one rate limit just won't do!
Security Tips
Security Tip: Canary Tokens
[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.
Security Tips
OWASP Tip: A10:2021 β Server-Side Request Forgery (SSRF)
Our final entry in the OWASP Top 10 series - be aware of what your servers can access!
Security Tips
OWASP Tip: A09:2021 β Security Logging and Monitoring Failures
You do have logging enabled, right?
Newsletter
Don't forget about 25% off Laravel Security in Depth π
One last reminder about our Black Friday sale on Laravel Security in Depth subscriptions.
Newsletter
Laravel Security in Depth β Black Friday Special Offer
If you've been thinking of upgrading your Laravel Security in Depth subscription, now is the time!
OWASP Top 10
OWASP In Depth: A08:2021 β Software and Data Integrity Failures
It's a three-in-one for the third last entry into our OWASP Top 10 series!
Newsletter
Black Friday Special Offer (yes, I know, another one!)
Get 25% off Laravel Security in Depth forever! π₯³
Security Tips
OWASP Tip: A07:2021 β Identification and Authentication Failures
Don't get confused with authorisation, we're talking authENTICation this week.