Read more
Security Tip: Bypassing Content-Security-Policy with <base>!
[Tip #122] Content Security Policies are awesome, but if you haven't fully configured all of your directives, it's possible to redirect requests, inherit Nonces, and get juicy CSP-bypassing XSS! 😈
Security Tip: When Is XSS Not Strictly XSS? (But Still Bad!)
[Tip #121] Technically, XSS involves injecting malicious Javascript, but sometimes you don't need any JS to get up to mischief! 😈
4 years of Securing Laravel! 🎂
I almost missed it, but it's time to celebrate 4 years of Securing Laravel!
Security Tip: Password Resets and MFA?
[Tip #120] How should we safely handle resetting forgotten passwords without compromising the protection that MFA provides?