Read more
Security Tip: Consider All Routes, Not Just Web!
[Tip #125] routes/web.php is boring and reliable, and routes/api.php is fancy, but have you forgotten one?
Security Tip: Update your packages! (Yes, this again!)
[Tip #124] I know I say this all the time (especially on stage!), but apparently not everyone heard me, so here we go again...
Security Tip: How Should APIs Respond to HTTP?
[Tip #123] If an API client tries to connect via unencrypted HTTP, what should your API do: redirect to HTTPS, disable HTTP, offer a swift rebuke, or take matters into it's own hands?
Security Tip: Bypassing Content-Security-Policy with <base>!
[Tip #122] Content Security Policies are awesome, but if you haven't fully configured all of your directives, it's possible to redirect requests, inherit Nonces, and get juicy CSP-bypassing XSS! 😈