Security Tips
Security Tip: Auto-Secure Cookies FTW! ๐
[Tip #92] One of my personal pet peeves in Laravel has finally been fixed! The Secure cookie attribute will now match the request protocol! ๐ (I'm excited, can you tell?)
Security Tips
Security Tip: Parameterise your Parameter Names!
[Tip #91] aka yet another example for why you should Never Trust User Input!
Security Tips
Security Tip: Validating (Secure) URLs!
[Tip #90] Did you know Laravel's URL validator lets you control which protocols you accept? Here's my recommendation...
Security Tips
Security Tip: Intercepting dump() Could Expose Production!
[Tip #89] dump() interceptors in dev tools like Herd and Telescope are very helpful, but be careful you don't accidently send dump() to production!
Security Tips
Security Tip: Don't Forget to Test Your Signed URLs!
[Tip #88] Signed URLs are awesome, but if you forget to check they are working - you may be leaving a massive vulnerability just waiting to be exploited...
Security Tips
Security Tip: Stop Using MD5 and SHA-1!
[Tip #87] MD5 is like a cockroach - it's persistent and pops up everywhere, but one thing is very clear: you need to stop using it (and SHA-1 too)!
Security Tips
Security Tip: What Is An HttpOnly Cookie?
[Tip #86] Cookies come in many shapes and sizes, and with multiple attributes just to confuse you... Have you ever wondered what the humble HttpOnly attribute actually does?
Security Tips
Security Tip: Do You Have a Permissions Policy?
[Tip #85] What browser features do you have enabled on your site, and what can an XSS attack do if you don't disable them?
Security Tips
Security Tip: Don't Forget to Regenerate 2FA Secret Keys!
[Tip #84] It's not just passwords you need to worry about when it comes to authentication and stolen credentials: your 2FA secret keys may also be at risk!
Security Tips
Security Tip: Prohibiting Destructive Commands on Production
[Tip #83] It's important to be paranoid when it comes to production environments - because if you forget you're logged into prod, you may end up dropping a database... or worse! ๐ฑ
Security Tips
Security Tip: How Strict Is your Transport Security?
[Tip #82] HTTPS is everywhere & easy, but HTTP is still an option... How do you stop an attacker intercepting and downgrading connections to your site?
Security Tips
Security Tip: Is Your Referrer Leaking Information?
[Tip #81] Do you know what information is being leaked by the Referer header when your users click on external links?