Security Tips
Security Tip: Selectively Stage and Commit Changes
[Tip#10] You should always selectively stage changes, to avoid committing secrets or debug code and pushing to prod.
Security Tips
Security Tip: Publish a security.txt!
[Tip #9] security.txt is a simple way to share your security contacts to make vulnerability reporting easier.
Security Tips
Security Tip: Sensitive Model Attributes
[Tip #8] We need to be careful of sensitive data and where it gets passed around, especially when it relates to models and Javascript.
Security Tips
Security Tip: Don’t Trust User Input!
[Tip #7] Always pass user input through a validator to ensure you only get the data you're expecting.
Security Tips
Security Tip: Disable Dev & Test Commands in Production
[Tip #6] Because sometimes being paranoid is a good thing.
Security Tips
Security Tip: The Cookie ‘Secure’ Flag
[Tip #5] Don't forget to configure your cookies for to only work over HTTPS.
Security Tips
Security Tip: Why Parameterised Queries Are Important!
[Tip #4] We're following the theme of reminders for simple features that are easy to overlook with a reminder to use Parameterised Queries!
Security Tips
Security Tip: Store Sensitive Config in .env!
[Tip #3] Laravel's config files are great, but don't forget to put sensitive values (i.e. secrets, passwords, tokens, etc) in your .env file!
Security Tips
Security Tip: Don't Forget About Policy Filters!
[Tip#2] Policy Filters let you implement shared authorisation checks across your entire policy without repeating code in every method.
Security Tips
Security Tip: Custom Encryption Keys for Cast Model Attributes
[Tip#1] A simple but quite important tip, how to use a custom encryption key for encrypted casting within Models.