Security Tips
Security Tip: Update your packages! (Yes, this again!)
[Tip #124] I know I say this all the time (especially on stage!), but apparently not everyone heard me, so here we go again...
Security Tips
[Tip #117] It's easy to say "Update <package> if it's installed!", but how do you actually know if a package is installed, since it may not appear in composer.json?! Also, how did it even get there??!! 🤨
Security Notice
[Notice #4] Livewire v3 is vulnerable to an RCE (Remote Command Execution) during component property update hydration in specific scenarios. ⚠️ Update your Livewire ASAP! ⚠️
Security Tips
[Tip #111] The recently patched XSS in CommonMark's Attributes extension offers an interesting look at what happens when two different features conflict, one being a security feature, the other a knowingly vulnerable extension.
In Depth
[In Depth #26] It's time for some nightmare fuel with a sneaky inline CSS vulnerability I found in a popular Laravel package!
Security Tips
[Tip #80] It's incredibly common to find hardcoded domains used for identifying admins; however, this also makes it trivial to escalate privileges to admin!
In Depth
[In Depth #13] User input comes in many different forms, and sometimes your app will believe whatever your users tell it... especially if it's in a header!
Security Tips
[Tip #16] Ever clicked a link that looked legitimate, but took you somewhere unexpected?