Security Tips
Security Tip: Privilege Escalation Through Domain Wildcards!
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin!
Security Tips
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin!
Security Tips
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on the controller - here's how you get it back.
In Depth
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
Security Tips
[Tip#50] Watch out when you mix Resource Controllers and Authorisation with custom Controller Actions and custom routes... you may find you're lacking authorisation without realising it!
Security Tips
[Tip#48] We write tests for everything else, so why not write tests for authorisation as well?
Security Tips
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
OWASP Top 10
Let's dive into the first risk in the OWASP Top 10...
In Depth
[InDepth#11] Also known as hide-and-seek, and security through obscurity!
Security Tips
[Tip#27] Observing the existence of something you can't access still tells you something important, even if you can't access it.
Security Tips
[Tip#24] It may sound trivial, but it's easy to overlook.
Security Tips
[Tip#23] Because who doesn't love to scope their bindings?
In Depth
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
In Depth
[InDepth#8] Policy Objects are incredibly powerful. Use them.
Security Tips
[Tip#2] Policy Filters let you implement shared authorisation checks across your entire policy without repeating code in every method.