Newsletter
In Depth: Securing Randomness Without Breaking Things
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
Security Tips
[Tip#40] Let's complete the set of request input helpers and their security implications
Security Tips
[Tip#39] Why treat all user input as strings when you can pull out specific values and automatically cast them as the types you're expecting?
Security Tips
[Tip#38] Laravel is full of little helpers and features, and the Timebox is one that's often overlooked.
Security Tips
[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!
In Depth
[InDepth#13] User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header!
Security Tips
[Tip#36] Encoding/serialising data can be risky if you're not using the correct functions.
Security Tips
[Tip#35] It's easy to make innocent changes to one part of your app and forget to check how that flows into other parts of your app
Newsletter
Laracon EU has arrived, and I'm speaking tomorrow, which means it's time for another discount.
Security Tips
[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?
In Depth
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Security Tips
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?