Ok folks, repeat after me: Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on...
Ok, fine. This is actually XSS and not specifically related to debug mode. 🤷 Therefore... Repeat after me: Escape your outputs! Escape your outputs! Escape your outputs! Escape your outputs!
Long overdue, but I finally tagged v1.0 of valorin/random! 🎉 The only significant change is removing string support in pick(), and returning the same type. The rest is pretty stable, and works from PHP...
This is gonna be a fun one! 🤓 If you have any security questions about the new Laravel Starter Kits, let me know and I'll try to fit it in!
Unexpected benefit of Laravel Cloud - spinning up test apps for vulnerability scanning. 😈
Sorry folks, I'll have to delay my In Depth on the Starter Kits until next week. I'm 4k words deep into it so far (and somehow only covered the first?! 😲) but a few things outside my control mean I...
Laravel 12 introduced a seemingly minor change: image validation now excludes SVGs by default. 🤔 Let's take a look at why this is so important!...
I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun! "it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie...
Temporary URLs for file access are an essential piece of the security puzzle, which up until "recently" were only available out-of-the-box for the S3 driver in Laravel. Now you can easily generate them...
Proud pentester moment: One of my clients just hit me with a @ThinkstCanary Canary Token! 🤩🐷🔑
Since my security review of the Laravel Starter Kits has stalled for <reasons>, I've embarked on a new In Depth article. 👉 In Depth: What Actually Is MFA? 👈 What do you folks wanna know? I'll try...
I need to write more succinctly - I'm trying to finish off my MFA article, and it's at 4.5k words... 😲 Just need to cover Passkeys and then it'll be good to send out.
I love seeing even one 👍 show up after sending out an In Depth article on Securing Laravel. 🥰 It means someone cared enough to read through the whole article, get to the very bottom, find the ratings...
MFA, 2FA, 2SV, DFA... 🙃 Something you know/have/are... 🤨 Let's figure out this MFA thing and why it's so important! 🤓 https://securinglaravel.com/in-depth-what-actually-is-mfa/#Laravel
Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are you leaving your apps unprotected?...
Setting up a CSP doesn't have to be a daunting task! Let's take a look at some tips for getting started with CSPs, without breaking...
Any folks in the EU or UK area interested in hosting an in-person Laravel security workshop for their company or community around the mid-end of August? 🕵️I'm planning to go to #LaravelLiveDK again...
Dev tools are really helpful, but they are still just dev tools. Don't install them on production... or anywhere world-accessible, if you can avoid it....
I get asked this all the time, so it's time to set the record straight: there is nothing insecure about storing your credentials in a .env, as long as you keep your .env...
I'm totally not begging for subscribers, but I just need 20 more to hit 4k. 🥺 🙏 😇 https://securinglaravel.com/