XSS

Security Tips

Security Tip: Is `strip_tags()` Secure?

[Tip#63] PHP includes a some really handy security-focused functions, but you need to know how to use them correctly, or you risk leaving a significant vulnerability waiting to be exploited! 😱

Newsletter

In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)

[InDepth#19] It's time to finish up the "Th1nk Lik3 a H4cker" walkthrough, looking at the rest of the challenges and the final hack from Laracon US!

Security Tips

Security Tip: Getting Started with Content Security Policies

[Tip#47] Setting up a CSP doesn't have to be a daunting task! Let's take a look at a tips for getting started with CSPs, without breaking anything!

Security Tips

Security Tip: Avoiding XSS with HtmlString

[Tip#44] Check out that one simple trick... I mean... This is my favourite way to avoid XSS.

Security Tips

Security Tip: Safely Rendering JSON in Blade

[Tip#41] It's quite common to inject JSON into Blade templates for various use cases, but is it actually safe to do so? Not really...

Security Tips

OWASP Tip: A03:2021 – Injection

i.e. Cross-Site Scripting (XSS), SQL injection (SQLi), and Command Injection

Security Tips

Security Tip: Validating HTML & Markdown Input!

[Tip#22] Validating user input is easy to forget without adding HTML or Markdown into the mix!

Newsletter

In Depth: Content Security Policy

[InDepth#7] CSPs are an incredibly powerful security feature built into the browser.

Security Tips

Security Tip: Use Subresource Integrity on Your Resources!

[Tip#14] What is Subresource Integrity and why is it so important for securing your site?

In Depth

In Depth #4: Guessing Placeholders For Malicious Purposes

Placeholders are incredibly useful, but you need to be careful with them.

In Depth

In Depth #3: Escaping Output Safely

Cross-Site Scripting (XSS) is a major concern - if someone can run their own code in your users browsers, they can do whatever they like...