In Depth
In Depth: Laravel Security Audits Top 10 (2024)!
[In Depth #31] Here are the Top 10 security issues I've found during my security audits, highlighting the areas we as a community need to improve our security.
In Depth
[In Depth #30] In the final part of the series, we finish our code searches and spend some time reading the code - which really pays off in terms of finding juicy vulnerabilities to exploit and report.
In Depth
[In Depth #28] Continuing our Laravel Security Audit and Penetration Test, we're looking into configs and dependencies, and following threads to discover 4 CRITICAL vulnerabilities!
Security Tips
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins; however, this also makes it trivial to escalate privileges to admin!
In Depth
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
OWASP Top 10
Let's dive into the first risk in the OWASP Top 10...
In Depth
[InDepth#11] Also known as hide-and-seek, and security through obscurity!
In Depth
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
In Depth
[InDepth#8] Policy Objects are incredibly powerful. Use them.