Security Tips
Security Tip: Consider All Routes, Not Just Web!
[Tip #125] routes/web.php is boring and reliable, and routes/api.php is fancy, but have you forgotten one?
Security Tips
Security Tip: Type Coercion in Broadcast Routes!
[Tip #104] It's easy for type juggling to sneak into authorisation callbacks, especially when types are ambiguous, and if you're not careful, you may be leaving a massive hole waiting to be exploited! 😱
In Depth
In Depth: Common Authorisation Failures!
[In Depth #33] Let's explore a number of common ways developers fail authorisation in Laravel apps, and what you need to watch out for so you don't make the same mistakes!
In Depth
In Depth: Pentesting Laravel part 2 - Configs, Dependencies, and Routes
[In Depth #28] Continuing our Laravel Security Audit and Penetration Test, we're looking into configs and dependences, and following threads to discover 4 CRITICAL vulnerabilities!
Security Tips
Security Tip: Use Route Groups!
[Tip#24] It may sound trivial, but it's easy to overlook.
Security Tips
Security Tip: Scoping Bindings
[Tip#23] Because who doesn't love to scope their bindings?