Securing Laravel | Stephen Rees-Carter | Substack

Audits Top 10

[Tip#46] Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are…

Stephen Rees-Carter

May 25

[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the…

Stephen Rees-Carter

May 17

[Tip#45] The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually…

May 9

[Tip#44] Checkout that one simple trick... I mean... This is my favourite way to avoid XSS.

Stephen Rees-Carter

May 1

[Tip#43] It's essential for limiting bot attacks, and don't forget it on other sensitive routes like authentication...

Stephen Rees-Carter

Apr 23

[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...

Stephen Rees-Carter

Apr 15

[Tip#42] Validating single values is easy, but what about arrays?

Apr 7

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts