Welcome to Laravel Security in Depth!


I’m Stephen Rees-Carter, welcome to Laravel Security in Depth!

I started Laravel Security in Depth as a way to share my security knowledge with the Laravel community, and have a lot of fun doing so. My goal is to provide a community for everyone, regardless of their skill level and prior experience in security, where you can learn new things and ask questions, and learn to love security as much as I do.

It’s definitely grown over time, and I’m not just talking about subscriber numbers! First I was just sending out emails, but then I had the crazy idea to build an intentionally vulnerable demo site, so now you can execute your own SQL Injection and Cross-Site Scripting attacks. I’ve recently started initiating discussion posts, in which I explain a concept, give my recommendations, and then discuss why there isn’t a simple fix, throwing it out to the community to discuss. Up next, I’ll be adding videos into the posts shortly too, as another way for you to learn.

Join us to learn more about Laravel security!

Paid subscribers are sent my monthly In Depth emails, weekly security tips/discussions and have access to the extra features like our intentionally vulnerable demo site. Free subscribers are sent a monthly security tip.

Your support means so much, and I know you’ll learn a lot by being a subscriber.

Please reach out if you’ve got any questions about Laravel Security in Depth (stephen@rees-carter.net), and you can find me on Twitter as @valorin.


P.S. I’ll answer a few common questions about LSID here:

Who Is it For?

Everyone. 😁

It doesn’t matter what your skill level is, or what prior security experience you have, you will learn a lot from subscribing. I always take the time to explain the concepts and terms for anyone who is unfamiliar with them before diving into the technical aspects, and we dive deep into the concepts for those who already know something about them.

The best bit is, every email has a comments section - so you can raise any questions you have or ask me to explain anything you’re unsure of.

What Do You Get?

Monthly In Depth Emails

Each month I send out an In Depth email to paid subscribers, covering a specific security concept.

Some months this is in the form of code examples, while in others we look more into theory and overall design/workflow, and if we’re learning about a vulnerability, we’ll learn some tricks and techniques too. Where suitable, I’ll add challenges to our intentionally vulnerable demo site - so you can try attacks first-hand. I’ll be adding videos soon too, to give you more ways to learn!

You can use the comments feature to ask questions, so we can dive deeper into a topic or start a discussion, and you can suggest topics for us to cover.

Weekly Security Tips/Discussions

To fill in the gaps between the monthly In Depth emails, I send out weekly Security Tips or Discussions. These are small snippets of code, reminders of features, or topics to discuss, designed to get you thinking about security, refresh your memory, and help you write secure code.

Free subscribers will receive one of the security tips per month.

Who Am I?

My name is Stephen Rees-Carter and I’ve been a Laravel developer for over half a decade, focusing on Security for most of that time. I’ve worked on large SaaS apps, internal toolkits, single-use disposable apps, corporate sites, and more, and even cleaned infected WordPress sites. I have a Security+ certification and am a Certified Ethical Hacker. Security is my passion, and I’ve spent the past couple of years speaking at conferences, showing how easy it is to hack into websites and how you can defend against such attacks.

I have presented security talks at multiple Laracons, the International PHP Conference, NDC Sydney, Linux.conf.au, and many WordCamps. You can find notes and recordings of my talks on my website or YouTube.

What Is The Community Saying?
