Newsletter
In Depth: Securing Randomness Without Breaking Things
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
Security Tips
Security Tip: Laravel's Password Generator
[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!
Security Tips
Security Tip: Encrypting Environment Files?
[Tip#34] Laravel features the ability to encrypt environment files... but do you need to use it?
In Depth
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Security Tips
OWASP Tip: A02:2021 – Cryptographic Failures
QmFzZSA2NCBpc24ndCBlbmNyeXB0aW9uIQ==
In Depth
In Depth: Magic Emails
[InDepth#10] One time codes, magic links, and more...
In Depth
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
Security Tips
Security Tip: Cryptographically Secure Randomness
[Tip#19] Because all randomness should be cryptographically secure.
In Depth
In Depth: Rehashing Passwords
[InDepth#5] It sounds easy to rehash passwords, but is it really that easy?
In Depth
In Depth: Encryption
[InDepth#1] Let's take a look at how Encryption works in Laravel, where it's used, and how you can use it within your applications.
Security Tips
Security Tip: Custom Encryption Keys for Cast Model Attributes
[Tip#1] A simple but quite important tip, how to use a custom encryption key for encrypted casting within Models.