Security Tips
Security Tip: Safely Updating Dependencies
[Tip #131] Updating packages used to be a no-brainer, but now you need to be careful. Updates may be malicious. But not updating leaves vulns unpatched. So what do you do??? 🤷
In Depth
In Depth: Version Numbers Are Vanity Labels
[In Depth #40] We trust version numbers to mean a specific, fixed release - but they're really just labels pointing at a commit, and an attacker can quietly move them. Let's dig into tag hijacking, the attack behind tj-actions and Laravel-Lang. 😈
Security Tips
Security Tip: Secure Your Repositories with Laravel Moat
[Tip #130] Laravel Moat is a new tool that assesses the security posture of your GitHub repositories and recommends ways to tighten the controls protecting them.
Security Tips
Security Tip: Do You Have an Upgrade Plan?
[Tip #102] In less than 2 weeks, Laravel 10.x will no longer be supported, and PHP 8.1 has less than 12 months left! Do you have an upgrade plan?
In Depth
In Depth: Laravel Security Audits Top 10 (2024)!
[In Depth #31] Here are the Top 10 security issues I've found during my security audits, highlighting the areas we as a community need to improve our security.
In Depth
In Depth: Pentesting Laravel part 2 - Configs, Dependencies, and Routes
[In Depth #28] Continuing our Laravel Security Audit and Penetration Test, we're looking into configs and dependences, and following threads to discover 4 CRITICAL vulnerabilities!
In Depth
In Depth: Pentesting Laravel part 1 - Passive Scans
[In Depth #27] Let me walk you through my process of conducting a Laravel Security Audit and Penetration Test, starting with the passive scans that usually find a lot of low-hanging fruit!
Security Tips
Security Tip: Replace Simple Dependencies
[Tip#45] The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually running...
Security Tips
Security Tip: composer audit
[Tip#28] Composer 🥰