Security Tips

Security Tip: Be Careful Of Transliteration

[Tip#15] Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without telling you! 😱

Security Tips

Security Tip: Use Subresource Integrity on Your Resources!

[Tip#14] What is Subresource Integrity and why is it so important for securing your site?

In Depth

In Depth: Rehashing Passwords

[InDepth#5] It sounds easy to rehash passwords, but is it really that easy?

Security Tips

Security Tip: Should You Block Compromised Passwords?

[Tip#13] Blocking Compromised (Pwned) Passwords forces your users to use strong passwords, but is it the right choice for your app?

Security Tips

Security Tip: Rate Limit Your Login Forms!

[Tip#12] It's easy to guess passwords if your app doesn't rate limit attempts...

Security Tips

Security Tip: Default Password Rules

[Tip #11] Why duplicate password validation rules across your app when you can define defaults once?

In Depth

In Depth #4: Guessing Placeholders For Malicious Purposes

Placeholders are incredibly useful, but you need to be careful with them.

Security Tips

Security Tip: Selectively Stage and Commit Changes

[Tip#10] You should always selectively stage changes, to avoid committing secrets or debug code and pushing to prod.

Security Tips

Security Tip: Publish a security.txt!

[Tip #9] security.txt is a simple way to share your security contacts to make vulnerability reporting easier.

Newsletter

Oops, broken link...

The teams discount link was broken

Newsletter

Laravel Security in Depth > Black Friday > 25% / 50% off > Forever ⭐

Get 25% off individual subscriptions, or 50% off teams. Forever.

Security Tips

Security Tip: Sensitive Model Attributes

[Tip #8] We need to be careful of sensitive data and where it gets passed around, especially when it relates to models and Javascript.