Security Tips
Security Tip: Disable Dev Tools on Prod
[Tip#49] Dev tools are are really helpful, but they are still just dev tools. Don't install them on production... or anywhere world-accessible, if you can avoid it.
Security Tips
Security Tip: Test for Missing Authorisation
[Tip#48] We write tests for everything else, so why not write tests for authorisation as well?
Security Tips
Security Tip: Getting Started with Content Security Policies
[Tip#47] Setting up a CSP doesn't have to be a daunting task! Let's take a look at a tips for getting started with CSPs, without breaking anything!
Security Tips
Security Tip: Security Headers are Layers of Defence
[Tip#46] Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are you leaving your apps unprotected?
Security Tips
Security Tip: Replace Simple Dependencies
[Tip#45] The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually running...
Security Tips
Security Tip: Avoiding XSS with HtmlString
[Tip#44] Check out that one simple trick... I mean... This is my favourite way to avoid XSS.
Security Tips
Security Tip: Don't Forget Rate Limiting
[Tip#43] It's essential for limiting bot attacks, and don't forget it on other sensitive routes like authentication...
Security Tips
Security Tip: Validating Array Inputs
[Tip#42] Validating single values is easy, but what about arrays?
Security Tips
Security Tip: Safely Rendering JSON in Blade
[Tip#41] It's quite common to inject JSON into Blade templates for various use cases, but is it actually safe to do so? Not really...
Security Tips
Security Tip: Retrieving Request Values
[Tip#40] Let's complete the set of request input helpers and their security implications
Security Tips
Security Tip: Casting Request Values
[Tip #39] Why treat all user input as strings when you can pull out specific values and automatically cast them as the types you're expecting?
Security Tips
Security Tip: Timebox for Timing Attacks
[Tip #38] Laravel is full of little helpers and features, and the Timebox is one that's often overlooked.