In Depth

In Depth

In Depth: Securing Apps on Forge

[InDepth#21] I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge.

In Depth

In Depth: Adding Rehashing to Laravel

[InDepth#20] It turns out Laravel was missing an important piece of it's Authentication system: password rehashing! Let's add that in and learn how the authentication system works in the process.

Newsletter

In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)

[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!

In Depth

In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 1)

[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.

In Depth

In Depth: Storing Environment Variables Safely

[InDepth#17] Let's dive deep into the wonderful world of storing environment variables safely, looking at the different options Laravel supports and some "industry best practices".

In Depth

In Depth: What Are Insecure Functions?

[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the common themes across the different ideas...

In Depth

In Depth: Mass-Assignment Vulnerabilities

[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...

Newsletter

In Depth: Securing Randomness Without Breaking Things

[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...

In Depth

In Depth: Stealing Password Tokens with Forwarded Host Poisoning

[InDepth#13] User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header!

In Depth

In Depth: "Password Generator" Security Audit

[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!

OWASP Top 10

OWASP In Depth: A08:2021 – Software and Data Integrity Failures

It's a three-in-one for the third last entry into our OWASP Top 10 series!

OWASP Top 10

OWASP In Depth: A05:2021 – Security Misconfiguration

From Insecure Design last week to Insecure Configuration this week!