Welcome to Laravel Security in Depth!


I’m Stephen Rees-Carter, welcome to Laravel Security in Depth!

I started Laravel Security in Depth as a way to share my security knowledge with the Laravel community, and have a lot of fun doing so. My goal is to provide a community for everyone, regardless of their skill level and prior experience in security, where you can learn new things and ask questions, and learn to love security as much as I do.

It’s definitely grown over time, and I’m not just talking about subscriber numbers! First I was just sending out emails, but then I had the fun idea to build an intentionally vulnerable demo site, so now you can execute your own SQL Injection, Cross-Site Scripting attacks, play with Enumeration attacks and IDORs. Add in monthly polls and security discussions, and you’ll always find something you’re interested in!

So what are you waiting for? Come join us and learn more about Laravel security!

Becoming a paid subscriber allows me to dedicate the time each week to writing these emails, and encourages me to keep learning and sharing more about Laravel security. I would not be able to do this each week if it wasn’t for your support. Thank you.

Please reach out if you’ve got any questions about Laravel Security in Depth (stephen@rees-carter.net), and you can find me on Twitter as @valorin.


P.S. I’ll answer a few common questions about LSID here:

Who Is it For?

Everyone. 😁

It doesn’t matter what your skill level is, or what prior security experience you have, you will learn a lot from subscribing. I always take the time to explain the concepts and terms for anyone who is unfamiliar with them before diving into the technical aspects, and we dive deep into the concepts for those who already know something about them.

The best bit is, every email has a comments section - so you can raise any questions you have or ask me to explain anything you’re unsure of.

What Do You Get?

Monthly In Depth Emails

Each month I send out an In Depth email to paid subscribers, covering a specific security concept.

Some months this is in the form of code examples, while in others we look more into theory and overall design/workflow, and if we’re learning about a vulnerability, we’ll learn some tricks and techniques too. Where suitable, I’ll add challenges to our intentionally vulnerable demo site - so you can try attacks first-hand. I’ll be adding videos soon too, to give you more ways to learn!

You can use the comments feature to ask questions, so we can dive deeper into a topic or start a discussion, and you can suggest topics for us to cover.

Weekly Security Tips/Discussions

To fill in the gaps between the monthly In Depth emails, I send out weekly Security Tips or Discussions. These are small snippets of code, reminders of features, or topics to discuss, designed to get you thinking about security, refresh your memory, and help you write secure code.

Free subscribers will receive one of the security tips per month.

Who Am I?

My name is Stephen Rees-Carter and I’ve been a Laravel developer for over half a decade, focusing on Security for most of that time. I am now a Laravel Security Specialist, and conduct security audits and penetration tests full time. Please reach out if you’d like my help hacking and securing your site!

I’ve worked on large SaaS apps, internal toolkits, single-use disposable apps, corporate sites, and more, and even cleaned infected WordPress sites. I have a Security+ certification and am a Certified Ethical Hacker. Security is my passion, and I’ve spent the past couple of years speaking at conferences, showing how easy it is to hack into websites and how you can defend against such attacks.

I am a regular presenter at Laracon, as well as at the International PHP Conference, multiple NDC conferences, linux.conf.au, and more. You can find notes and recordings of my talks on my website or YouTube.

What Is The Community Saying?



Stephen Rees-Carter
Stephen specialises in security audits of Laravel apps and is the creator of Laravel Security in Depth, where he teaches Laravel developers about security concepts and how to think like a hacker.