Security Tip: Laravel 11's Prompt Validation Rules
[Tip#77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there…
Apr 19
•
Stephen Rees-Carter
Security Tip: Laravel 11's Automatic Password Rehashing
[Tip#76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and…
Apr 11
•
Stephen Rees-Carter
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on…
Mar 26
•
Stephen Rees-Carter
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Mar 18
•
Stephen Rees-Carter
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware…
Mar 10
•
Stephen Rees-Carter
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form... it can provide attackers…
Feb 23
•
Stephen Rees-Carter
Security Tip: Keep Your Tools Updated!
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget that our tools like Composer need updates too!
Feb 15
•
Stephen Rees-Carter
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I…
Feb 7
•
Stephen Rees-Carter
Security Tip: Use a Supported Version of Laravel!
[Tip#69] Are you using Laravel 10? If not, do you have an upgrade planned? If you're not on 10, your app may be at risk!
Jan 22
•
Stephen Rees-Carter
Security Tip: Use the Alpine.js CSP Build!
[Tip#68] If you use Alpine and a CSP on your app, you'll want to use the new CSP-friendly build to avoid needing `unsafe-eval` in your policies.
Jan 15
•
Stephen Rees-Carter
Security Tip: Don't Use nl2br()!
[Tip#67] As useful as it sounds, nl2br() can potentially leave you open to Cross-Site Scripting (XSS) vulnerabilities... you should reach for CSS…
Jan 6
•
Stephen Rees-Carter
Security Tip: Use HMAC Hashes To Verify Data
[Tip#66] For those situations where you need to generate a repeatable hash or signature, reach for HMAC, rather than MD5 or SHA1.
Dec 21, 2023
•
Stephen Rees-Carter