Security Tips
Security Tip: Retrieving Request Values
[Tip#40] Let's complete the set of request input helpers and their security implications
Security Tips
Security Tip: Casting Request Values
[Tip #39] Why treat all user input as strings when you can pull out specific values and automatically cast them as the types you're expecting?
Security Tips
Security Tip: Timebox for Timing Attacks
[Tip#38] Laravel is full of little helpers and features, and the Timebox is one that's often overlooked.
Security Tips
Security Tip: Laravel's Password Generator
[Tip#37] If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password() helper!
Security Tips
Security Tip: Encoding/Serialising Data
[Tip#36] Encoding/serialising data can be risky if you're not using the correct functions.
Security Tips
Security Tip: Leaking Data After Changes
[Tip#35] It's easy to make innocent changes to one part of your app and forget to check how that flows into other parts of your app
Security Tips
Security Tip: Encrypting Environment Files?
[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?
Security Tips
Security Tip: Restricting Local File Access
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
Security Tips
Security Tip: Multiple Rate Limits
[Tip#32] For times when one rate limit just won't do!
Security Tips
Security Tip: Canary Tokens
[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.
Security Tips
OWASP Tip: A10:2021 – Server-Side Request Forgery (SSRF)
Our final entry in the OWASP Top 10 series - be aware of what your servers can access!
Security Tips
OWASP Tip: A09:2021 – Security Logging and Monitoring Failures
You do have logging enabled, right?