Security Tips
Security Tip: Disallowing Functions with PHPStan!
[Tip #94] Just like we can detect insecure functions with Pest, we can use PHPStan extensions to find and disallow insecure functions!
Security Tips
[Tip #93] Test suites aren't just for raw code expectations; it turns out you can also use them to encourage secure coding practices!
In Depth
[In Depth #29] It's time to spend some time looking for smelly or suspicious code, searching for common patterns and functions that usually show up around weaknesses. 🕵️
Security Tips
[Tip #87] MD5 is like a cockroach - it's persistent and pops up everywhere, but one thing is very clear: you need to stop using it (and SHA-1 too)!
In Depth
[InDepth#22] Random generates cryptographically secure random values in a range of different formats through a simple helper package for PHP.
Security Tips
[Tip#65] Before you reach for a hashing function, stop and think about what you're hashing and why you're hashing it...
Security Tips
[Tip#55] Let's look at my old buddy time(), who always has something for me during my audits. This time it's helping avoid filename collisions?
In Depth
[InDepth#16] According to random folks on the internet (i.e. social media), "insecure functions" are a wide and varied concept. Let's take a look at the common themes across the different ideas...
Newsletter
[InDepth#14] Cryptographically secure randomness is important, but so is backwards compatibility...
Security Tips
[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!
In Depth
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
In Depth
[InDepth#10] One-time codes, magic links, and more...