In Depth
In Depth: Using CSS Clickjacking to Steal Passwords
[In Depth #26] It's time for some nightmare fuel with a sneaky inline CSS vulnerability I found in a popular Laravel package!
Security Tips
[Tip #76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and changing bcrypt rounds.
Security Tips
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware of too!
Security Tips
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form: it can provide attackers with crucial intel!
In Depth
[InDepth#20] It turns out Laravel was missing an important piece of its Authentication system: password rehashing! Let's add that in and learn how the authentication system works in the process.
Security Tips
[Tip#58] It's time to upgrade your bcrypt rounds to 12 (or higher)!
In Depth
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
Security Tips
[Tip#52] HTML has a lot of hidden gems, and the `autocomplete` attribute is no exception. Let's take a look at how it helps your password fields and password managers work together!
Security Tips
[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!
In Depth
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
In Depth
[InDepth#5] It sounds easy to rehash passwords, but is it really that easy?
Security Tips
[Tip#13] Blocking Compromised (Pwned) Passwords forces your users to use strong passwords, but is it the right choice for your app?