Security Tips
Security Tip: What If You Hashed Null?
[Tip #100] One of the fun parts of doing my security audits is coming across unexpected code that looks exploitable, and trying it out myself to see what possibilities exist.
Security Tips
[Tip #100] One of the fun parts of doing my security audits is coming across unexpected code that looks exploitable, and trying it out myself to see what possibilities exist.
Security Tips
[Tip #90] Did you know Laravel's URL validator lets you control which protocols you accept? Here's my recommendation...
Security Tips
[Tip #77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there too!
Security Tips
[Tip#57] You've heard about SQL Injection and Cross-Site Scripting but what about another big injection avenue: Command Injection? It's less common but just as critical that you're aware of it...
Newsletter
[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!
In Depth
[InDepth#15] There is a false confidence about mass-assignment vulnerabilities that hides how easy it is for them to occur and be exploited...
Security Tips
[Tip#42] Validating single values is easy, but what about arrays?
Security Tips
[Tip#40] Let's complete the set of request input helpers and their security implications
Security Tips
[Tip #39] Why treat all user input as strings when you can pull out specific values and automatically cast them as the types you're expecting?
Security Tips
[Tip#22] Validating user input is easy to forget without adding HTML or Markdown into the mix!
Security Tips
[Tip#15] Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without telling you! 😱
Security Tips
[Tip #11] Why duplicate password validation rules across your app when you can define defaults once?