Security Tips

Security Tips

Security Tip: Prohibiting Destructive Commands on Production

[Tip #83] It's important to be paranoid when it comes to production environments - because if you forget you're logged into prod, you may end up dropping a database... or worse! 😱

Security Tips

Security Tip: How Strict Is your Transport Security?

[Tip #82] HTTPS is everywhere & easy, but HTTP is still an option... How do you stop an attacker intercepting and downgrading connections to your site?

Security Tips

Security Tip: Is Your Referrer Leaking Information?

[Tip #81] Do you know what information is being leaked by the Referer header when your users click on external links?

Security Tips

Security Tip: Privilege Escalation Through Domain Wildcards!

[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin!

Security Tips

Security Tip: Only Use env() Within Config Files

[Tip #79] It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to compromise...

Security Tips

Security Tip #78: Laravel 11's Per-Second Rate Limiting

Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To solve this, Laravel 11 supports per-second!

Security Tips

Security Tip: Laravel 11's Prompt Validation Rules

[Tip #77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there too!

Security Tips

Security Tip: Laravel 11's Automatic Password Rehashing

[Tip #76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and changing bcrypt rounds.

Security Tips

Security Tip: Laravel 11's Controller Authorisation & Validation Methods

[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on the controller - here's how you get it back.

Security Tips

Security Tip: Laravel 11's Middleware Configuration

[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.

Security Tips

Security Tip: A Well-Known URL for Changing Passwords

[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware of too!

Security Tips

Security Tip: Don't Forget Your Registration Form!

[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form, it can provide attackers with crucial intel!