
Security Tips
Security Tip: Disable Dev Tools on Prod
[Tip#49] Dev tools are really helpful, but they are still just dev tools. Don't install them on production... or anywhere world-accessible, if you can avoid it.
Weekly security tips that cover the simpler topics, configuration options, tricks, updates, and anything else security related you need to be aware of.
[Tip#48] We write tests for everything else, so why not write tests for authorisation as well?
[Tip#47] Setting up a CSP doesn't have to be a daunting task! Let's take a look at some tips for getting started with CSPs, without breaking anything!
[Tip#46] Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are you leaving your apps unprotected?
[Tip#45] The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually running...
[Tip#44] Check out that one simple trick... I mean... This is my favourite way to avoid XSS.
[Tip#43] It's essential for limiting bot attacks, and don't forget it on other sensitive routes like authentication...
[Tip#42] Validating single values is easy, but what about arrays?
[Tip#41] It's quite common to inject JSON into Blade templates for various use cases, but is it actually safe to do so? Not really...
[Tip#40] Let's complete the set of request input helpers and their security implications
[Tip #39] Why treat all user input as strings when you can pull out specific values and automatically cast them as the types you're expecting?
[Tip #38] Laravel is full of little helpers and features, and the Timebox is one that's often overlooked.