Security Tips
Security Tip: Intercepting dump() Could Expose Production!
[Tip #89] dump() interceptors in dev tools like Herd and Telescope are very helpful, but be careful you don't accidently send dump() to production!
Security Tips
Security Tip: Is Your Referrer Leaking Information?
[Tip #81] Do you know what information is being leaked by the Referer header when your users click on external links?
In Depth
In Depth: Using CSS Clickjacking to Steal Passwords
[In Depth #26] It's time for some nightmare fuel with a sneaky inline CSS vulnerability I found in a popular Laravel package!
Security Tips
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I Been Pwned's Troy Hunt...
In Depth
In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 1)
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
Security Tips
Security Tip: Leaking Data After Changes
[Tip#35] It's easy to make innocent changes to one part of your app and forget to check how that flows into other parts of your app
Security Tips
Security Tip: Restricting Local File Access
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
Security Tips
Security Tip: Leaking Model Existence
[Tip#27] Observing the existence of something you can't access still tells you something important, even if you can't access it.
Security Tips
Security Tip: Sensitive Model Attributes
[Tip #8] We need to be careful of sensitive data and where it gets passed around, especially when it relates to models and Javascript.