In Depth
In Depth: Setting up Two-Factor Authentication!
[In Depth #37] It's time to finally fulfil one of the most common requests for an In Depth article: setting up 2FA! So let's add some TOTP 2FA to our boring user/pass auth login!
In Depth
[In Depth #36] It's time to review the Livewire Volt, Vue, and React Starter Kits! Let's see what vulnerabilities are hiding under the surface, and just how easy it is to fix them...
In Depth
[In Depth #35] Let's take a dive into the security of Laravel's new Starter Kits to see how they handle authentication, what security features they include, and what areas could be improved!
Security Tips
[Tip #110] This is your periodic reminder that Rate Limiting is essential, and for more than just your user/password form! Make sure you've got it on your OTP, or someone will come along and brute-force that 6-digit code.
In Depth
[In Depth #32] Let's explore 5 different "Authentication Fails" that I've come across, as a reminder for why it's so important to get authentication right.
In Depth
[In Depth #31] Here are the Top 10 security issues I've found during my security audits, highlighting the areas we as a community need to improve our security.
Security Tips
Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To solve this, Laravel 11 supports per-second!
In Depth
[In Depth #18] Let's take a walk through the first half of my "Th1nk Lik3 a H4cker" talk from Laracon EU & US. We'll explore the vulnerabilities behind each challenge and what I was trying to teach.
Security Tips
[Tip #43] It's essential for limiting bot attacks, and don't forget it on other sensitive routes like authentication...
Security Tips
[Tip #38] Laravel is full of little helpers and features, and the Timebox is one that's often overlooked.
Security Tips
[Tip #32] For times when one rate limit just won't do!
Security Tips
[Tip #15] Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without telling you!