Security Tips
Security Tip: Test for Missing Authorisation
[Tip#48] We write tests for everything else, so why not write tests for authorisation as well?
Security Tips
Security Tip: Restricting Local File Access
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
OWASP Top 10
OWASP In Depth: A01:2021 - Broken Access Control
Let's dive into the first risk in the OWASP Top 10...
In Depth
In Depth: Insecure Direct Object References (IDOR)
[InDepth#11] Also known as hide-and-seek, and security through obscurity!
Security Tips
Security Tip: Leaking Model Existence
[Tip#27] Observing the existence of something you can't access still tells you something important, even if you can't access it.
Security Tips
Security Tip: Use Route Groups!
[Tip#24] It may sound trivial, but it's easy to overlook.
Security Tips
Security Tip: Scoping Bindings
[Tip#23] Because who doesn't love to scope their bindings?
In Depth
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
In Depth
In Depth: Policy Objects
[InDepth#8] Policy Objects are incredibly powerful. Use them.
Security Tips
Security Tip: Don't Forget About Policy Filters!
[Tip#2] Policy Filters let you implement shared authorisation checks across your entire policy without repeating code in every method.