In Depth
In Depth: Setting up Two-Factor Authentication!
[In Depth #37] It's time to finally fulfil one of the most common requests for an In Depth article: setting up 2FA! 🎉 So let's add some TOTP 2FA to our boring user/pass auth login!
In Depth
In Depth: A Deep Dive into Laravel's New Starter Kits! (pt 2)
[In Depth #36] It's time to review the Livewire Volt, Vue, and React Starter Kits! Let's see what vulnerabilities are hiding under the surface, and just how easy it is to fix them... 🧐
In Depth
In Depth: A Deep Dive into Laravel's New Starter Kits! (pt 1)
[In Depth #35] Let's take a dive into the security of Laravel's new Starter Kits to see how they handle authentication, what security features they include, and what areas could be improved! 🤓
Security Tips
Security Tip: OTPs Need Rate Limiting Too!
[Tip #110] This is your periodic reminder that Rate Limiting is essential, and for more than just your user/password form! Make sure you've got it on your OTP, or someone will come along and brute-force that 6-digit code.
In Depth
In Depth: Five Ways to Fail at Authentication
[In Depth #32] Let's explore 5 different "Authentication Fails" that I've come across, as a reminder for why it's so important to get authentication right.
In Depth
In Depth: Laravel Security Audits Top 10 (2024)!
[In Depth #31] Here are the Top 10 security issues I've found during my security audits, highlighting the areas we as a community need to improve our security.
Security Tips
Security Tip #78: Laravel 11's Per-Second Rate Limiting
Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To solve this, Laravel 11 supports per-second!
In Depth
In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 1)
[InDepth#18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
Security Tips
Security Tip: Don't Forget Rate Limiting
[Tip#43] It's essential for limiting bot attacks, and don't forget it on other sensitive routes like authentication...
Security Tips
Security Tip: Timebox for Timing Attacks
[Tip #38] Laravel is full of little helpers and features, and the Timebox is one that's often overlooked.
Security Tips
Security Tip: Multiple Rate Limits
[Tip#32] For times when one rate limit just won't do!
Security Tips
Security Tip: Be Careful Of Transliteration
[Tip#15] Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without telling you! 😱