In Depth
In Depth: What Are Insecure Functions?
[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the…
Stephen Rees-Carter
May 17
In Depth: Mass-Assignment Vulnerabilities
[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...
Stephen Rees-Carter
Apr 15
In Depth: Securing Randomness Without Breaking Things
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
Mar 22
In Depth: Stealing Password Tokens with Forwarded Host Poisoning
[InDepth#13] The story of why a bugfix I was so confident in was doomed to fail...
Stephen Rees-Carter
Feb 10
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Stephen Rees-Carter
Jan 9
OWASP In Depth: A08:2021 – Software and Data Integrity Failures
It's a three-in-one for the third last entry into our OWASP Top 10 series!
Stephen Rees-Carter
Nov 21, 2022
OWASP In Depth: A05:2021 – Security Misconfiguration
From Insecure Design last week to Insecure Configuration this week!
Stephen Rees-Carter
Oct 28, 2022
OWASP In Depth: A01:2021 - Broken Access Control
Let's dive into the first risk in the OWASP Top 10...
Stephen Rees-Carter
Sep 26, 2022
In Depth: Insecure Direct Object References (IDOR)
[InDepth#11] Also known as hide-and-seek, and security through obscurity! Challenge yourself with the new IDOR challenges in our intentionally…
Stephen Rees-Carter
Aug 1, 2022
In Depth: Magic Emails
[InDepth#10] One time codes, magic links, and more...
Stephen Rees-Carter
Jul 10, 2022
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
Stephen Rees-Carter
May 28, 2022
In Depth: Policy Objects
[InDepth#8] Policy Objects are incredibly powerful. Use them.
Stephen Rees-Carter
Apr 26, 2022