Security Tips - Securing Laravel (Page 5)

Security Tips

Security Tip: HTML autocomplete Attribute

[Tip#52] HTML has a lot of hidden gems, and the `autocomplete` attribute is no exception. Lets take a look at how it helps your password fields and password managers work together!

Security Tips

Security Tip: Validate Your Webhooks!

[Tip#51] Just because your webhook endpoints aren't listed anywhere (are they?) doesn't mean someone won't find them, and send malicious payloads to your app! You need to validate your webhook payloads!

Security Tips

Security Tip: Watch out for Resource Authorisation

[Tip#50] Watch out when you mix Resource Controllers and Authorisation with custom Controller Actions and custom routes... you may find you're lacking authorisation without realising it!

Security Tips

Security Tip: Disable Dev Tools on Prod

[Tip#49] Dev tools are are really helpful, but they are still just dev tools. Don't install them on production... or anywhere world-accessible, if you can avoid it.

Security Tips

Security Tip: Test for Missing Authorisation

[Tip#48] We write tests for everything else, so why not write tests for authorisation as well?

Security Tips

Security Tip: Getting Started with Content Security Policies

[Tip#47] Setting up a CSP doesn't have to be a daunting task! Let's take a look at a tips for getting started with CSPs, without breaking anything!

Security Tips

Security Tip: Security Headers are Layers of Defence

[Tip#46] Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are you leaving your apps unprotected?

Security Tips

Security Tip: Replace Simple Dependencies

[Tip#45] The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually running...