Laravel Security In Depth (larasec.substack.com)
Security Tip: Encoding/Serialising Data
[Tip#36] Encoding/serialising data can be risky if you're not using the correct functions.
Stephen Rees-Carter
Feb 2, 2023
January 2023
Security Tip: Leaking Data After Changes
[Tip#35] It's easy to make innocent changes to one part of your app and forget to check how they flow into other parts of your app.
Stephen Rees-Carter
Jan 26, 2023
Security Tip: Encrypting Environment Files?
[Tip#34] In September, Laravel 9.32 added the ability to encrypt environment files... but do you need to use it?
Stephen Rees-Carter
Jan 17, 2023
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Stephen Rees-Carter
Jan 9, 2023
Security Tip: Restricting Local File Access
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
Stephen Rees-Carter
Jan 1, 2023
December 2022
Security Tip: Multiple Rate Limits
[Tip#32] For times when one rate limit just won't do!
Stephen Rees-Carter
Dec 24, 2022
Security Tip: Canary Tokens
[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.
Stephen Rees-Carter
Dec 16, 2022
OWASP Tip: A10:2021 – Server-Side Request Forgery (SSRF)
Our final entry in the OWASP Top 10 series - be aware of what your servers can access!
Stephen Rees-Carter
Dec 7, 2022
November 2022
OWASP Tip: A09:2021 – Security Logging and Monitoring Failures
You do have logging enabled, right?
Stephen Rees-Carter
Nov 29, 2022
OWASP In Depth: A08:2021 – Software and Data Integrity Failures
It's a three-in-one for the third-last entry in our OWASP Top 10 series!
Stephen Rees-Carter
Nov 21, 2022
OWASP Tip: A07:2021 – Identification and Authentication Failures
Don't get confused with authorisation, we're talking authENTICation this week.
Stephen Rees-Carter
Nov 13, 2022
OWASP Tip: A06:2021 – Vulnerable and Outdated Components
Keep your stuff updated!!
Stephen Rees-Carter
Nov 5, 2022