Laravel Security In Depth
Laravel Security: File Upload Vulnerability
Explaining that Laravel Image File Upload Vulnerability...
Stephen Rees-Carter
Nov 18, 2021
In Depth: Content Security Policy
[InDepth#7] Content Security Policies are an incredibly powerful security feature built into the browser, and as it turns out, they are also pretty easy…
Stephen Rees-Carter
Mar 29, 2022
Security Tip: Restricting Local File Access
[Tip#33] We can easily restrict access to files on remote storage like S3, but what about local files?
Stephen Rees-Carter
Jan 1
In Depth: Signed URLs
[InDepth#9] One of the many awesome and completely underrated Laravel security features.
Stephen Rees-Carter
May 28, 2022
In Depth: SQL Injection
[InDepth#2] Let's dive into SQL Injection, learn how it works, and what we can do with it.
Stephen Rees-Carter
Oct 23, 2021
Security Tip: Custom Encryption Key
[Tip#1] - We're starting out with a simple but quite important tip, how to use a custom encryption key for encrypted casting within Models.
Stephen Rees-Carter
Sep 5, 2021
In Depth: "Password Generator" Security Audit
[InDepth#12] In November 2022, Steve McDougall published a tutorial called "Creating a Password Generator"... we're going to audit his code!
Stephen Rees-Carter
Jan 9
Security Tip: Login Logging
[Tip#25] Try saying that fast 3 times...
Stephen Rees-Carter
Jun 22, 2022
Security Tip: Validating User Input
[Tip#7] Always pass user input through a validator to ensure you only get the data you're expecting.
Stephen Rees-Carter
Nov 8, 2021
OWASP In Depth: A05:2021 – Security Misconfiguration
From Insecure Design last week to Insecure Configuration this week!
Stephen Rees-Carter
Oct 28, 2022
Security Tip: Multiple Rate Limits
[Tip#32] For times when one rate limit just won't do!
Stephen Rees-Carter
Dec 24, 2022
Security Tip: Canary Tokens
[Tip#31] These are my favourite simple security trick to let you know if someone is poking around in your stuff.
Stephen Rees-Carter
Dec 16, 2022