Sitemap - 2023 - Securing Laravel

In Depth: Introducing Random

Security Tip: Use HMAC Hashes To Verify Data

Security Tip: Do You Really Need a Hash for That?

Security Tip: Escape Output with e(), htmlspecialchars(), & htmlentities()!

Security Tip: Is `strip_tags()` Secure?

In Depth: Securing Apps on Forge

Security Tip: Protect Your .env File

Security Tip: Don't Log Sensitive Data

Security Tip: Hide Sensitive Parameters from Stack Traces

Security Tip: Disable Debug Mode on World-accessible Apps

In Depth: Adding Rehashing to Laravel

Security Tip: Increase Your bcrypt Rounds

Security Tip: Watch Out for Command Injection

Security Tip: Compare keys with hash_equals()

2 years of Securing Laravel / Laravel Security In Depth!

In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 2)

Security Tip: Avoiding Filename Collisions

Security Tip: Hijacking Domains, the Easy Way?

Security Tip: Bypassing CSRF Protection with File Uploads

In Depth: "Th1nk Lik3 a H4cker" Walkthrough (part 1)

Security Tip: HTML autocomplete Attribute

Security Tip: Validate Your Webhooks!

Security Tip: Watch out for Resource Authorisation

OpenLampTech - Developer Interview with Stephen Rees-Carter

Security Tip: Disable Dev Tools on Prod

In Depth: Storing Environment Variables Safely

Security Tip: Test for Missing Authorisation

Security Tip: Getting Started with Content Security Policies

Security Tip: Security Headers are Layers of Defence

Laravel Security In Depth → Securing Laravel

In Depth: What Are Insecure Functions?

Security Tip: Replace Simple Dependencies

Security Tip: Avoiding XSS with HtmlString

Security Tip: Don't Forget Rate Limiting

In Depth: Mass-Assignment Vulnerabilities

Security Tip: Validating Array Inputs

Security Tip: Safely Rendering JSON in Blade

In Depth: Securing Randomness Without Breaking Things

Security Tip: Retrieving Request Values

Security Tip: Casting Request Values

Security Tip: Timebox for Timing Attacks

Security Tip: New Password Generator

In Depth: Stealing Password Tokens with Forwarded Host Poisoning

Security Tip: Encoding/Serialising Data

Security Tip: Leaking Data After Changes

Security Tip: Encrypting Environment Files?

In Depth: "Password Generator" Security Audit

Security Tip: Restricting Local File Access

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts