Security Tip: Laravel 11's Automatic Password Rehashing
[Tip#76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and…
Apr 11
•
Stephen Rees-Carter
In Depth: Graceful Encryption Key Rotation
[InDepth#25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how…
Apr 3
•
Stephen Rees-Carter
March 2024
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on…
Mar 26
•
Stephen Rees-Carter
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Mar 18
•
Stephen Rees-Carter
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware…
Mar 10
•
Stephen Rees-Carter
In Depth: Registration Without Enumeration!
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Mar 3
•
Stephen Rees-Carter
February 2024
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form... it can provide attackers…
Feb 23
•
Stephen Rees-Carter
Security Tip: Keep Your Tools Updated!
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget that our tools, like Composer, need updates too!
Feb 15
•
Stephen Rees-Carter
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I…
Feb 7
•
Stephen Rees-Carter
January 2024
In Depth: Protecting Staging Sites!
[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your…
Jan 30
•
Stephen Rees-Carter
Security Tip: Use a Supported Version of Laravel!
[Tip#69] Are you using Laravel 10? If not, do you have an upgrade planned? If you're not on 10, your app may be at risk!
Jan 22
•
Stephen Rees-Carter
Laravel Security: "Androxgh0st" Malware Targeting Laravel apps?
[Notice #2] What is this malware targeting Laravel, and should you be concerned about your apps?
Jan 19
•
Stephen Rees-Carter