Security Tip: Laravel 11's Prompt Validation Rules
[Tip#77] We often talk about validating user input from the browser, but what about user input on the command line? Validation is just as useful there…
Apr 19
•
Stephen Rees-Carter
Security Tip: Laravel 11's Automatic Password Rehashing
[Tip#76] Let's check out three of the configuration options available as part of Automatic Password Rehashing: custom fields, disabling rehashing, and…
Apr 11
•
Stephen Rees-Carter
In Depth: Graceful Encryption Key Rotation
[InDepth#25] Laravel makes effective use of encryption for security purposes, but what happens if your encryption key needs to be rotated? Let's see how…
Apr 3
•
Stephen Rees-Carter
March 2024
Security Tip: Laravel 11's Controller Authorisation & Validation Methods
[Tip#75] As part of the simplification of the app structure in Laravel 11, the Request Authorisation and Validation methods are no longer available on…
Mar 26
•
Stephen Rees-Carter
Security Tip: Laravel 11's Middleware Configuration
[Tip#74] Laravel 11 shifts the default middleware into the framework itself and exposes configuration through the bootstrap/app.php class.
Mar 18
•
Stephen Rees-Carter
Security Tip: A Well-Known URL for Changing Passwords
[Tip#73] You may have heard of the `/.well-known/` path, and the security.txt file, but there is a new one called `change-password` you should be aware…
Mar 10
•
Stephen Rees-Carter
In Depth: Registration Without Enumeration!
[InDepth#24] It's time to answer the question: how do you build user registration and authentication without an enumeration vector?
Mar 3
•
Stephen Rees-Carter
February 2024
Security Tip: Don't Forget Your Registration Form!
[Tip#72] We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form... it can provide attackers…
Feb 23
•
Stephen Rees-Carter
Security Tip: Keep Your Tools Updated!
[Tip#71] We talk a lot about keeping our app dependencies updated, but we can't forget that our tools, like Composer, need updates too!
Feb 15
•
Stephen Rees-Carter
Security Tip: Fix Your Leaky APIs!
[Tip#70] This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I…
Feb 7
•
Stephen Rees-Carter
January 2024
In Depth: Protecting Staging Sites!
[InDepth#23] Staging sites usually contain buggy code, debugging tools, and lower security than production, while also being a gateway into your…
Jan 30
•
Stephen Rees-Carter
Security Tip: Use a Supported Version of Laravel!
[Tip#69] Are you using Laravel 10? If not, do you have an upgrade planned? If you're not on 10, your app may be at risk!
Jan 22
•
Stephen Rees-Carter