Laravel Security In Depth
Laravel Security: File Upload Vulnerability
Explaining that Laravel Image File Upload Vulnerability...
Stephen Rees-Carter
Nov 18, 2021
Security Tip: Validating User Input
[Tip#7] Always pass user input through a validator to ensure you only get the data you're expecting.
Stephen Rees-Carter
Nov 8, 2021
Security Tip: Custom Encryption Key
[Tip#1] We're starting out with a simple but quite important tip: how to use a custom encryption key for encrypted casting within Models.
Stephen Rees-Carter
Sep 5, 2021
In Depth: SQL Injection
[InDepth#2] Let's dive into SQL Injection, learn how it works, and what we can do with it.
Stephen Rees-Carter
Oct 23, 2021
In Depth: Escaping Output Safely
Let's dive into Escaping Output Safely in your Laravel apps. Learn about Cross-Site Scripting (XSS), how to handle unescaped output safely, and explore…
Stephen Rees-Carter
Nov 16, 2021
In Depth: Content Security Policy
[InDepth#7] Content Security Policies are an incredibly powerful security feature built into the browser, and as it turns out, they are also pretty easy…
Stephen Rees-Carter
Mar 29
Laravel Security In Depth: Timing Attacks
[InDepth#6] You can use response timing to infer important information... in this post we dive into timing attacks in Password Resets and more.
Stephen Rees-Carter
Feb 21
In Depth: Policy Objects
[InDepth#8] Policy Objects are incredibly powerful. Use them.
Stephen Rees-Carter
Apr 26
In Depth: Guessing Placeholders
[InDepth#4] Placeholders are incredibly useful, but you need to be careful with them. If a malicious user can guess a placeholder, they can manipulate…
Stephen Rees-Carter
Dec 19, 2021
Security Discussion: Is User Enumeration a Risk?
User Enumeration is a commonly reported vulnerability where you can identify if a user has an account based on the response you get back from a User…
Stephen Rees-Carter
Feb 5
Security Tip: Don't Hardcode Admin Emails
[Tip#17] It's easy to forget to update the admins list when it changes...
Stephen Rees-Carter
Mar 17
Security Tip: Be Careful Of Transliteration
[Tip#15] Because we don't already have enough to worry about, without also needing to factor in other characters and emoji too...
Stephen Rees-Carter
Feb 13