In Depth
In Depth #25: Graceful Encryption Key Rotation
Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how Laravel 11 handles it...
In Depth
In Depth: Registration Without Enumeration!
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Newsletter
In Depth: Protecting Staging Sites!
[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your environment and sometimes even contain customer data...
In Depth
In Depth: Introducing Random
[InDepth#22] Random generates cryptographically secure random values in a range of different formats through a simple helper package for PHP.
In Depth
In Depth: Securing Apps on Forge
[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.
In Depth
In Depth: Adding Rehashing to Laravel
[InDepth#20] It turns out Laravel was missing an important piece of it's Authentication system: password rehashing! Let's add that in and learn how the authentication system works in the process.
Newsletter
In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)
[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!
In Depth
In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 1)
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
In Depth
In Depth: Storing Environment Variables Safely
[InDepth#17] Let's dive deep into the wonderful world of storing environment variables safely, looking at the different options Laravel supports and some "industry best practices".
In Depth
In Depth: What Are Insecure Functions?
[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the common themes across the different ideas...
Newsletter
In Depth: Mass-Assignment Vulnerabilities
[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...
Newsletter
In Depth: Securing Randomness Without Breaking Things
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
In Depth
In Depth: Stealing Password Tokens with Forwarded Host Poisoning
[InDepth#13] User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header!
In Depth
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
OWASP Top 10
OWASP In Depth: A08:2021 – Software and Data Integrity Failures
It's a three-in-one for the third last entry into our OWASP Top 10 series!
OWASP Top 10
OWASP In Depth: A05:2021 – Security Misconfiguration
From Insecure Design last week to Insecure Configuration this week!