Securing Laravel
Oops, broken link...

The teams discount link was broken

Stephen Rees-Carter

26 Nov 2021

This post is for subscribers only


Read more

Security Tip: How Should APIs Respond to HTTP?

[Tip #123] If an API client tries to connect via unencrypted HTTP, what should your API do: redirect to HTTPS, disable HTTP, offer a swift rebuke, or take matters into its own hands?

By Stephen Rees-Carter 29 Sep 2025
Security Tip: Bypassing Content-Security-Policy with <base>!

[Tip #122] Content Security Policies are awesome, but if you haven't fully configured all of your directives, it's possible to redirect requests, inherit nonces, and get juicy CSP-bypassing XSS! 😈

By Stephen Rees-Carter 15 Sep 2025
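The <base> trick that tip refers to, as an added example that is not part of the original page or the author's code: a page that ships a nonce-based CSP but no base-uri directive lets an attacker who can inject plain HTML (no script needed) insert a <base href> pointing at their own host. Every relative or root-relative <script src> in the page then resolves against that host, and because the <script> tag still carries the page's own nonce, script-src lets the attacker-hosted file run. The simulation below resolves URLs the way a browser does and shows the same injection failing once base-uri is set. The CSP strings, hostnames and script path are constructed for the example.

```javascript
// Parse a Content-Security-Policy header into { directiveName: [source, ...] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Would the browser honour a <base href="candidateBase"> under this policy?
// With no base-uri directive there is nothing to stop it; 'none' always blocks it;
// 'self' and host-sources are compared by origin.
function baseUriAllows(policy, documentUrl, candidateBase) {
  const sources = policy['base-uri'];
  if (!sources || sources.length === 0) return true; // missing directive: any <base> is accepted
  const docOrigin = new URL(documentUrl).origin;
  const candOrigin = new URL(candidateBase, documentUrl).origin;
  for (const raw of sources) {
    const src = raw.replace(/^'|'$/g, '').toLowerCase(); // strip quotes from keywords
    if (src === 'none') return false;
    if (src === '*') return true;
    if (src === 'self') {
      if (candOrigin === docOrigin) return true;
      continue;
    }
    // host-source: a scheme-less entry inherits the document's scheme
    const hostUrl = /^[a-z][a-z0-9+.-]*:\/\//.test(src)
      ? src
      : `${new URL(documentUrl).protocol}//${src}`;
    try {
      if (new URL(hostUrl).origin === candOrigin) return true;
    } catch {
      // unparsable host-source: treat as non-matching
    }
  }
  return false;
}

// Resolve a <script src> as the browser does: relative and root-relative paths are
// resolved against the document's effective base, which an injected <base> overrides.
function resolveScriptSrc(src, documentUrl, effectiveBaseHref) {
  const base = effectiveBaseHref ? new URL(effectiveBaseHref, documentUrl) : new URL(documentUrl);
  return new URL(src, base).href;
}

// Simulate a page containing <script nonce="..." src="scriptSrc"> after an attacker has
// injected <base href="attackerBase">. The nonce on the tag satisfies script-src regardless
// of where the file is fetched from, so the only thing standing in the way is base-uri.
function simulate(cspHeader, documentUrl, attackerBase, scriptSrc) {
  const policy = parseCsp(cspHeader);
  const baseApplied = baseUriAllows(policy, documentUrl, attackerBase);
  const fetched = resolveScriptSrc(scriptSrc, documentUrl, baseApplied ? attackerBase : null);
  const crossOrigin = new URL(fetched).origin !== new URL(documentUrl).origin;
  return {
    baseApplied,                       // did the injected <base> take effect?
    fetched,                           // URL the browser actually requests for the script
    nonceInherited: baseApplied && crossOrigin, // attacker's file runs with the page's nonce
  };
}

// Constructed sample policies: the weak one has no base-uri, the fixed one does.
const DOC = 'https://app.example/dashboard';
const ATTACKER_BASE = 'https://attacker.example/';
const WEAK_CSP = "default-src 'self'; script-src 'nonce-r4nd0m'";
const FIXED_CSP = "default-src 'self'; script-src 'nonce-r4nd0m'; base-uri 'none'";

console.log('weak :', simulate(WEAK_CSP, DOC, ATTACKER_BASE, '/js/app.js'));
console.log('fixed:', simulate(FIXED_CSP, DOC, ATTACKER_BASE, '/js/app.js'));
```

Note that a root-relative path such as /js/app.js is not safe either: it is still resolved against the effective base. base-uri 'none' is the simplest fix; base-uri 'self' is the alternative when the application legitimately sets its own <base>.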
Security Tip: When Is XSS Not Strictly XSS? (But Still Bad!)

[Tip #121] Technically, XSS involves injecting malicious JavaScript, but sometimes you don't need any JS to get up to mischief! 😈

By Stephen Rees-Carter 08 Sep 2025
4 years of Securing Laravel! 🎂

I almost missed it, but it's time to celebrate 4 years of Securing Laravel!

By Stephen Rees-Carter 30 Aug 2025
The essential security resource for Laravel developers.