Securing Laravel has moved!
You can find the new site at securinglaravel.com!
May 2, 2024
•
Stephen Rees-Carter
Securing Laravel PSA: Substack -> Ghost Migration is (mostly) Complete! (pt2)
Did you receive the Part 1 email from Ghost?
May 2, 2024
•
Stephen Rees-Carter
Securing Laravel PSA: the Substack -> Ghost Migration in Progress
Just a quick note to let you know what to expect.
Apr 30, 2024
•
Stephen Rees-Carter
Security Tip: Laravel 11's Per-Second Rate Limiting
[Tip#78] Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To…
Apr 28, 2024
•
Stephen Rees-Carter
Security Tip: Laravel 11's Prompt Validation Rules
[Tip#77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there…
Apr 19, 2024
•
Stephen Rees-Carter
Most Popular
Laravel Security: File Upload Vulnerability
Nov 18, 2021
•
Stephen Rees-Carter
Security Tip: Protect Your .env File
Nov 12, 2023
•
Stephen Rees-Carter
Laravel Security: "Androxgh0st" Malware Targeting Laravel apps?
Jan 19, 2024
•
Stephen Rees-Carter
Security Tip: Increase Your bcrypt Rounds
Oct 1, 2023
•
Stephen Rees-Carter
In Depth: Content Security Policy
Mar 29, 2022
•
Stephen Rees-Carter
In Depth: Adding Rehashing to Laravel
Oct 9, 2023
•
Stephen Rees-Carter
Latest
Security Tip: Laravel 11's Automatic Password Rehashing
[Tip#76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and…
Apr 11, 2024
•
Stephen Rees-Carter
In Depth: Graceful Encryption Key Rotation
[InDepth#25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how…
Apr 3, 2024
•
Stephen Rees-Carter
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on…
Mar 26, 2024
•
Stephen Rees-Carter
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Mar 18, 2024
•
Stephen Rees-Carter
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware…
Mar 10, 2024
•
Stephen Rees-Carter
In Depth: Registration Without Enumeration!
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Mar 3, 2024
•
Stephen Rees-Carter
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form... it can provide attackers…
Feb 23, 2024
•
Stephen Rees-Carter
Security Tip: Keep Your Tools Updated!
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too!
Feb 15, 2024
•
Stephen Rees-Carter
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I…
Feb 7, 2024
•
Stephen Rees-Carter
Securing Laravel
IMPORTANT: Securing Laravel has moved to https://securinglaravel.com!