In Depth
In Depth: Pentesting Laravel part 3 - Looking for "Interesting" Code
[In Depth #29] It's time to spend some time looking for smelly or suspicious code, searching for common patterns and functions that usually show up around weaknesses. 🕵️
Security Tips
Security Tip: Intercepting dump() Could Expose Production!
[Tip #89] dump() interceptors in dev tools like Herd and Telescope are very helpful, but be careful you don't accidently send dump() to production!
Security Tips
Security Tip: Prohibiting Destructive Commands on Production
[Tip #83] It's important to be paranoid when it comes to production environments - because if you forget you're logged into prod, you may end up dropping a database... or worse! 😱
Newsletter
In Depth: Protecting Staging Sites!
[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your environment and sometimes even contain customer data...
Security Notice
Laravel Security: "Androxgh0st" Malware Targeting Laravel apps?
[Notice #2] What is this malware targeting Laravel, and should you be concerned about your apps?
Security Tips
Security Tip: Disable Debug Mode on World-accessible Apps
[Tip#59] It may seem obvious, you'd be surprised just how often I come across websites where debug mode is enabled!
Security Tips
Security Tip: Disable Dev & Test Commands in Production
[Tip #6] Because sometimes being paranoid is a good thing.