In Depth
In Depth #25: Graceful Encryption Key Rotation
Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how Laravel 11 handles it...
In Depth
Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how Laravel 11 handles it...
Security Tips
[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.
Security Tips
[Tip#61] While it's tempting to throw everything into logs, keep in mind where your logs end up → plain text files, 3rd party collectors, passed around the development team, etc...
Security Tips
[Tip#60] Stack traces are essential for debugging complex (and even simple) issues, but there is a risk that something sensitive might be exposed within your trace... Let's ensure that doesn't happen!
Security Tips
[Tip#56] It may be tempting to compare keys/sensitive strings using `===`, or even `==`, but that opens you up to timing attacks! You should be using a timing attack safe string comparison function...
Newsletter
[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!
In Depth
[InDepth#17] Let's dive deep into the wonderful world of storing environment variables safely, looking at the different options Laravel supports and some "industry best practices".
Security Tips
[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?
Security Tips
[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.
Security Tips
[Tip#30] Who wants to go on a treasure hunt for secrets, credentials, and API keys?
Security Tips
[Tip#29] Protecting the integrity of your data is just as important as stopping hackers.
Security Tips
[Tip#27] Observing the existence of something you can't access still tells you something important, even if you can't access it.
Security Tips
[Tip#3] Laravel's config files are great, but don't forget to put sensitive values (i.e. secrets, passwords, tokens, etc) in your .env file!
Security Tips
[Tip#1] A simple but quite important tip, how to use a custom encryption key for encrypted casting within Models.