In Depth

[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
[InDepth#20] It turns out Laravel was missing an important piece of its Authentication system: password rehashing! Let's add that in and learn how the…
[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind…
[InDepth#17] Let's dive deep into the wonderful world of storing environment variables safely, looking at the different options Laravel supports and…
[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the…
[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
[InDepth#13] The story of why a bugfix I was so confident in was doomed to fail...
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
It's a three-in-one for the third-last entry into our OWASP Top 10 series!
From Insecure Design last week to Insecure Configuration this week!