Don't miss the Laracon Online Discount!
Subscribe now to get 25% off your Laravel Security In Depth subscription!
Read more
Security Tip: Safely Updating Dependencies
[Tip #131] Updating packages used to be a no-brainer, but now you need to be careful. Updates may be malicious. But not updating leaves vulns unpatched. So what do you do??? 🤷
In Depth: Version Numbers Are Vanity Labels
[In Depth #40] We trust version numbers to mean a specific, fixed release - but they're really just labels pointing at a commit, and an attacker can quietly move them. Let's dig into tag hijacking, the attack behind tj-actions and Laravel-Lang. 😈
Security Tip: Secure Your Repositories with Laravel Moat
[Tip #130] Laravel Moat is a new tool that assesses the security posture of your GitHub repositories and recommends ways to tighten the controls protecting them.
Security Tip: The Signed URL Trap
[Tip #129] I love Signed URLs, but there is one very subtle trap you can accidentally fall into...