Security Tips
Security Tip: Should You Block Compromised Passwords?
[Tip#13] Blocking Compromised (Pwned) Passwords forces your users to avoid passwords already exposed in known breaches, but is it the right choice for your app?
Weekly security tips that cover the simpler topics, configuration options, tricks, updates, and anything else security related you need to be aware of.
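Added example, not code from the Security Tips series or from Laravel: the check behind Tip #13 is a k-anonymity range lookup against the Have I Been Pwned corpus. The app hashes the candidate password with SHA-1, sends only the first five hex characters of the hash, and compares the returned suffixes locally, so the full hash never leaves the app. The `$fetchRange` callable is an assumption standing in for the HTTPS call to https://api.pwnedpasswords.com/range/{prefix}; here it returns a constructed response (the suffixes and counts are made up, except that the suffix for "password" is its real SHA-1 tail) so the example runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Return how many times $password appears in the breach corpus (0 = not found).
 *
 * $fetchRange(string $prefix): string is assumed to return the raw
 * "SUFFIX:COUNT\r\n" body the range endpoint would send for that 5-char prefix.
 */
function pwnedCount(string $password, callable $fetchRange): int
{
    $hash   = strtoupper(sha1($password));
    $prefix = substr($hash, 0, 5);   // the only part that leaves the app
    $suffix = substr($hash, 5);      // 35 chars, compared locally

    foreach (preg_split('/\r?\n/', trim($fetchRange($prefix))) as $line) {
        [$candidate, $count] = array_pad(explode(':', $line, 2), 2, '0');
        // hash_equals() keeps the comparison constant-time on the hash material.
        if (hash_equals($suffix, strtoupper(trim($candidate)))) {
            return (int) $count;
        }
    }

    return 0;
}

/**
 * Decide whether to accept a password: reject anything seen in a breach more than
 * $threshold times. A threshold of 0 rejects on any sighting, which is the strictest
 * (and most user-hostile) setting; raising it trades some risk for fewer rejections.
 */
function isAcceptablePassword(string $password, callable $fetchRange, int $threshold = 0): bool
{
    return pwnedCount($password, $fetchRange) <= $threshold;
}

// Constructed stand-in for the range response. sha1("password") is
// 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so prefix 5BAA6 and the suffix below;
// the counts are invented for the example.
$fakeRange = function (string $prefix): string {
    $corpus = [
        '5BAA6' => "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
                 . "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
                 . "011053FD0102E94D6AE2F8B83D76FAF94F6:1\r\n",
    ];
    return $corpus[$prefix] ?? '';
};

var_dump(isAcceptablePassword('password', $fakeRange));                       // bool(false)
var_dump(isAcceptablePassword('correct horse battery staple', $fakeRange));   // bool(true) against this stub
```

In a Laravel app the same check is available as the built-in password rule, `Password::min(12)->uncompromised()` from `Illuminate\Validation\Rules\Password`, which performs the range lookup for you. The trade-off the tip asks about is visible in the code: every registration and password change now depends on an outbound HTTPS call to a third party, so decide what to do when that call times out or fails (fail open and accept the password, or fail closed and block the change), and pick a threshold deliberately rather than defaulting to "any sighting rejects".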
[Tip#12] It's easy to guess passwords if your app doesn't rate limit attempts...
[Tip#11] Why duplicate password validation rules across your app when you can define defaults once?
[Tip#10] You should always selectively stage changes, to avoid committing secrets or debug code and pushing to prod.
[Tip#9] security.txt is a simple way to share your security contacts to make vulnerability reporting easier.
[Tip#8] We need to be careful with sensitive data and where it gets passed around, especially when it relates to models and JavaScript.
[Tip#7] Always pass user input through a validator to ensure you only get the data you're expecting.
[Tip#6] Because sometimes being paranoid is a good thing.
[Tip#5] Don't forget to configure your cookies to only work over HTTPS.
[Tip#4] We're following the theme of reminders for simple features that are easy to overlook with a reminder to use Parameterised Queries!
[Tip#3] Laravel's config files are great, but don't forget to put sensitive values (e.g. secrets, passwords, tokens, etc.) in your .env file!
[Tip#2] Policy Filters let you implement shared authorisation checks across your entire policy without repeating code in every method.