Archive - Securing Laravel

Laravel Security: File Upload Vulnerability

Explaining that Laravel Image File Upload Vulnerability...

Nov 18, 2021 •

Stephen Rees-Carter

Security Tip: Protect Your .env File

[Tip#62] Search engines like to snoop on all of your files, so be careful what you leave lying around.

Nov 12, 2023 •

Stephen Rees-Carter

Laravel Security: "Androxgh0st" Malware Targeting Laravel apps?

[Notice #2] What is this malware targeting Laravel, and should you be concerned about your apps?

Jan 19, 2024 •

Stephen Rees-Carter

Security Tip: Increase Your bcrypt Rounds

[Tip#58] It's time to upgrade your bcrypt rounds to 12 (or higher)!

Oct 1, 2023 •

Stephen Rees-Carter

In Depth: Content Security Policy

[InDepth#7] Content Security Policies are an incredibly powerful security feature built into the browser, and as it turns out, they are also pretty easy…

Mar 29, 2022 •

Stephen Rees-Carter

In Depth: Adding Rehashing to Laravel

[InDepth#20] It turns out Laravel was missing an important piece of it's Authentication system: password rehashing! Let's add that in and learn how the…

Oct 9, 2023 •

Stephen Rees-Carter

In Depth: Signed URLs

[InDepth#9] One of the many awesome and completely underrated Laravel security features.

May 28, 2022 •

Stephen Rees-Carter

Security Tip: Don't Use nl2br()!

[Tip#67] As useful as it sounds, nl2br() can potentially leave you open to Cross-Site Scripting (XSS) vulnerabilities... you should reach for CSS…

Jan 6, 2024 •

Stephen Rees-Carter

In Depth: Storing Environment Variables Safely

[InDepth#17] Let's dive deep into the wonderful world of storing environment variables safely, looking at the different options Laravel supports and…

Jun 19, 2023 •

Stephen Rees-Carter

In Depth: Protecting Staging Sites!

[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your…

Jan 30, 2024 •

Stephen Rees-Carter

Security Tip: Restricting Local File Access

[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?

Jan 1, 2023 •

Stephen Rees-Carter

Security Tip: Laravel 11's Middleware Configuration

[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.

Mar 18, 2024 •

Stephen Rees-Carter

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts