Securing Laravel has moved!
You can find the new site at securinglaravel.com!
May 2 • Stephen Rees-Carter
Securing Laravel PSA: Substack -> Ghost Migration is (mostly) Complete! (pt2)
Did you receive the Part 1 email from Ghost?
May 2 • Stephen Rees-Carter
April 2024
Securing Laravel PSA: the Substack -> Ghost Migration in Progress
Just a quick note to let you know what to expect.
Apr 30 • Stephen Rees-Carter
Security Tip: Laravel 11's Per-Second Rate Limiting
[Tip#78] Up until now, Laravel has only supported rate limiting per-minute, but that didn't work in some scenarios, as a minute is a very long time. To…
Apr 28 • Stephen Rees-Carter
Security Tip: Laravel 11's Prompt Validation Rules
[Tip#77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there…
Apr 19 • Stephen Rees-Carter
Security Tip: Laravel 11's Automatic Password Rehashing
[Tip#76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and…
Apr 11 • Stephen Rees-Carter
In Depth: Graceful Encryption Key Rotation
[InDepth#25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how…
Apr 3 • Stephen Rees-Carter
March 2024
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on…
Mar 26 • Stephen Rees-Carter
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Mar 18 • Stephen Rees-Carter
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware…
Mar 10 • Stephen Rees-Carter
In Depth: Registration Without Enumeration!
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Mar 3 • Stephen Rees-Carter
February 2024
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form... it can provide attackers…
Feb 23 • Stephen Rees-Carter