Securing Laravel

Home
Practical Laravel Security
Laravel Security Audits
In Depths
Tips
Audits Top 10
OWASP Top 10
Archive
Leaderboard
About
Security Tip: Laravel 11's Prompt Validation Rules
[Tip#77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there…
  
Stephen Rees-Carter
Security Tip: Laravel 11's Automatic Password Rehashing
[Tip#76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and…
  
Stephen Rees-Carter
In Depth: Graceful Encryption Key Rotation
[InDepth#25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how…
  
Stephen Rees-Carter
Most Popular
View all
Laravel Security: File Upload Vulnerability
  Stephen Rees-Carter
5
Security Tip: Protect Your .env File
  Stephen Rees-Carter
Laravel Security: "Androxgh0st" Malware Targeting Laravel apps?
  Stephen Rees-Carter
4
Security Tip: Increase Your bcrypt Rounds
  Stephen Rees-Carter
1
In Depth: Content Security Policy
  Stephen Rees-Carter
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on…
  
Stephen Rees-Carter
2
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
  
Stephen Rees-Carter
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware…
  
Stephen Rees-Carter
In Depth: Registration Without Enumeration!
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
  
Stephen Rees-Carter
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form... it can provide attackers…
  
Stephen Rees-Carter
1
Security Tip: Keep Your Tools Updated!
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too!
  
Stephen Rees-Carter
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I…
  
Stephen Rees-Carter
In Depth: Protecting Staging Sites!
[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your…
  
Stephen Rees-Carter
1
Security Tip: Use a Supported Version of Laravel!
[Tip#69] Are you using Laravel 10? If not, do you have an upgrade planned? If you're not on 10, your app may be at risk!
  
Stephen Rees-Carter
Securing Laravel
Securing Laravel
The essential security resource for Laravel devs, covering everything you need to keep your apps secure. Sign up to receive weekly security tips and monthly in depth articles, diving deep into security concepts you need to know!
Recommendations
View all 6
Laravel Corner
Laravel Corner
Bilal Haidar
Laravel News Substack
Laravel News Substack
Laravel News
CSS Simplified
CSS Simplified
Shruti Balasa
OpenLampTech
OpenLampTech
Joshua Otwell
Platformer
Platformer
Casey Newton
Resources
Laravel Documentation
Laravel Releases & Security Notices
Stephen's Talks & Workshops
Stephen's Talks (YouTube)
Stephen's Twitter
Stephen's Mastodon
Practical Laravel Security
Laravel Security Audits and Penetration Tests
Stephen's Bluesky

Securing Laravel

AboutArchiveRecommendationsSitemap
© 2024 Stephen Rees-Carter
PrivacyTermsCollection notice
Start WritingGet the app
Substack is the home for great culture