Excited to report that I've had a lot of interest in a Laravel Security Workshop at Laracon AU, so I'm looking into venues for a half-day on Wed morning (12th Nov), so you just have to come a day...
On the subject of Laravel Security Workshops, any companies in the EU or UK interested in an in-person workshop for their team? I'm hoping to book a few around Laravel Live Denmark. 🤓 I've transformed...
So many spinning plates at the moment, between trying to organise workshops, trips, sponsors, audit/pentest clients, etc... 🥴 To keep up with all I'm doing, sign up to https://securinglaravel.com. The...
It may seem like a harmless debugging tool, with a bunch of boring config values and version numbers, but phpinfo() is a goldmine of sensitive data - even when it's "protected" in an admin account!...
It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to compromise......
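To show the kind of subtle bug the post above is pointing at, here is an added example (my code, not the author's or the Laravel project's). It assumes a standard Laravel app where `php artisan config:cache` has been run in production: the `.env` file is then no longer loaded, so `env()` returns `null` for any key that is not also set in the real process environment. The route and closure are illustrative.

```php
<?php
// Added example. Assumes config has been cached in production, so .env is not
// loaded and env() returns null for keys absent from the process environment.

use Illuminate\Support\Facades\Route;

// config/app.php is the only place env() should be read. Illustrative lines:
//   'env'   => env('APP_ENV', 'production'),
//   'debug' => (bool) env('APP_DEBUG', false),

// BEFORE (vulnerable): a "local only" shortcut guarded by env() outside config.
// With cached config, env('APP_ENV') is null, `null !== 'production'` is true,
// and the impersonation endpoint is live in production.
Route::get('/dev/impersonate/{id}', function (int $id) {
    if (env('APP_ENV') !== 'production') {
        auth()->loginUsingId($id);
        return redirect('/');
    }
    abort(404);
});

// AFTER (hardened): replace the closure above with this one. app()->isLocal()
// reads the cached config('app.env'), so it behaves the same with or without
// config:cache. Fail closed: only the explicitly local environment gets the
// shortcut, anything else (null, 'staging', a typo) gets a 404.
Route::get('/dev/impersonate/{id}', function (int $id) {
    if (! app()->isLocal()) {
        abort(404);
    }
    auth()->loginUsingId($id);
    return redirect('/');
});
```

Whether the vulnerable version actually bites depends on deployment: if `APP_ENV` happens to be exported in the real process environment (some hosts do this), `env()` still sees it and the bug stays hidden until the environment changes. Reading `config()` (or the `app()->environment()` helpers built on it) removes that dependency entirely.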
"Don't Roll Your Own Crypto" applies to password generators too! It's way too easy to unknowingly lower your entropy by trying to be clever......
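One common way a password generator silently loses entropy, as an added example (my code, not the author's): shuffling the alphabet and taking a prefix. Two things go wrong at once: `str_shuffle()` uses PHP's Mt19937 generator, which is not cryptographically secure and is seeded from a 32-bit value, and a prefix of a permutation can never repeat a character, so the keyspace is 62·61·…·(62−n+1) rather than 62ⁿ. The alphabet and lengths are constructed for the demonstration.

```php
<?php
// Added example. Compares a "clever" generator with a plain one and computes
// the entropy each construction can provide at best.

const ALPHABET = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// "Clever": shuffle the alphabet, take the first $length characters.
//  1. str_shuffle() is driven by Mt19937 (mt_rand), not a CSPRNG, and the
//     generator is seeded with a 32-bit value, so the whole output has at
//     most 2^32 possibilities regardless of $length.
//  2. No character can repeat, so even with a perfect RNG the keyspace is
//     62*61*...*(62-$length+1), not 62^$length.
function cleverPassword(int $length): string
{
    return substr(str_shuffle(ALPHABET), 0, $length);
}

// Plain: independent, uniform picks from the CSPRNG. random_int() is unbiased;
// avoid rand()/mt_rand() and avoid `ord(random_bytes(1)[0]) % 62`, which has
// modulo bias because 256 is not a multiple of 62.
function password(int $length): string
{
    $out = '';
    $max = strlen(ALPHABET) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= ALPHABET[random_int(0, $max)];
    }
    return $out;
}

// Bits of entropy when every position is an independent uniform pick.
function entropyWithReplacement(int $length, int $alphabet = 62): float
{
    return $length * log($alphabet, 2);
}

// Bits of entropy when characters are drawn without replacement (the shuffle
// prefix), ignoring the weak generator, i.e. an upper bound for cleverPassword().
function entropyWithoutReplacement(int $length, int $alphabet = 62): float
{
    $bits = 0.0;
    for ($i = 0; $i < min($length, $alphabet); $i++) {
        $bits += log($alphabet - $i, 2);
    }
    return $bits;
}

foreach ([8, 16, 32] as $n) {
    printf(
        "%2d chars: shuffle-prefix <= %.1f bits (and <= 32 bits from the seed), uniform = %.1f bits\n",
        $n,
        entropyWithoutReplacement($n),
        entropyWithReplacement($n)
    );
}
echo password(16), PHP_EOL;
```

The "no repeats" loss is modest for short passwords and grows with length; the 32-bit seed is the real problem, and it is invisible unless you know what `str_shuffle()` is built on. In a Laravel app, `Str::random()` and `Str::password()` are built on `random_bytes()`/`random_int()` and do not have either issue.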
It's incredibly common to find hardcoded domains used for identifying admins, however, this also makes it trivial to escalate privileges to admin!...
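The pattern in the post above, next to a hardened version, as an added example (my code, not the author's). `User`, `is_admin` and `example.com` are assumptions for illustration; the check is expressed as a Laravel Gate, but the same logic appears in middleware and Blade `@if` blocks.

```php
<?php
// Added example. User, is_admin and example.com are illustrative assumptions.

use App\Models\User;
use Illuminate\Support\Facades\Gate;

// BEFORE (vulnerable): "admins are whoever has a company email address".
// Anyone who can obtain an account with that domain becomes an admin:
// registration without email verification, a catch-all or shared company
// mailbox, or an email change on the profile page after signing up.
Gate::define('admin', fn (User $user) => str_ends_with($user->email, '@example.com'));

// A substring variant is weaker still: 'x@example.com.attacker.test' and
// 'example.com@attacker.test' both pass, with no mailbox at example.com at all.
Gate::define('admin-substring', fn (User $user) => str_contains($user->email, 'example.com'));

// AFTER (hardened): replace the first definition with this one. Admin status is
// a server-assigned attribute the user never controls:
//  - a boolean (or role) column that is NOT in $fillable, so a registration or
//    profile-update request cannot mass-assign it;
//  - set only by a seeder, an artisan command, or an existing admin.
Gate::define('admin', fn (User $user) => $user->is_admin === true);

// app/Models/User.php, relevant part:
//
//   protected $fillable = ['name', 'email', 'password'];   // is_admin deliberately absent
//
//   protected function casts(): array
//   {
//       return ['is_admin' => 'boolean'];
//   }
```

Two checks worth doing when you find the domain pattern in a codebase: can a user set or change their own email without re-verification, and is the registration endpoint still reachable even when the UI hides it? Either one turns the domain check into a self-service admin button.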
Starting to lock in details for the Pre-Laracon Security workshop in Brisbane! 🎉 It'll be the morning of Wednesday 12th November - the day before Laracon AU, at a venue really close to the...
This is your periodic reminder to check your app for any leaky APIs and fix them ASAP, otherwise you might end up with an email from Have I Been Pwned's Troy...
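One of the most common ways a Laravel API ends up leaky, as an added example (my code, not the author's, and not a description of any specific incident): returning an Eloquent model directly from an unauthenticated route. The model, resource and column names are illustrative assumptions.

```php
<?php
// Added example. Assumes a Laravel app whose users table holds far more than
// should ever leave the server. Names are illustrative.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;
use Illuminate\Support\Facades\Route;

// BEFORE (leaky): returning a model JSON-serialises every attribute that is not
// in $hidden: email, phone, address, whatever the table has grown to include.
// No auth, and sequential ids, so `for id in 1..N` pulls the whole table.
Route::get('/api/users/{user}', fn (User $user) => $user);

// AFTER (hardened), three layers:
//  1. an explicit allow-list of fields via an API resource
//     (app/Http/Resources/PublicUserResource.php);
//  2. authentication plus an authorization check on the specific record;
//  3. optionally, a non-sequential public id (ULID/UUID) as the route key so
//     enumeration is not a one-line loop.
final class PublicUserResource extends JsonResource
{
    public function toArray(Request $request): array
    {
        return [
            'id'   => $this->id,
            'name' => $this->name,
            // email, phone, address, password, two_factor_secret,
            // remember_token: simply not listed, so they cannot leak.
        ];
    }
}

// Replaces the route above.
Route::middleware('auth:sanctum')->get('/api/users/{user}', function (User $user) {
    abort_unless(request()->user()->can('view', $user), 403);
    return new PublicUserResource($user);
});
```

Marking columns `$hidden` on the model is worth doing as defence in depth, but it is a deny-list that has to be maintained every time a migration adds a column; the resource is an allow-list, so a new sensitive column stays private by default. The quick check for existing apps: grep the routes for closures or controller methods that `return $model` or `return Model::all()`, then hit them unauthenticated.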
That one time I had a domain hijacked... aka don't leave domains (or subdomains) pointing at servers or nameservers you don't control!...
One of my favourite Laravel features, the humble HtmlString, is now available as an Eloquent Cast - which should make it much more accessible! 🎉 But there is a catch......
Getting close to locking all the details for my Pre- #LaraconAU security workshop! 🎉 Will send out details about timing, venue, and maybe ticket prices either tonight or tomorrow. 😈 Sign up for...
Found a nice spot to work on Part 2 of my Deep Dive into the Laravel Starter Kits - hopefully tackling all three: Volt, Vue, and React! 🤞I wasn't a fan of the Livewire with Blade kit, so I'm curious to...
I've had some folks asking, so a quick Pre-Laracon AU Security Workshop update: I'm still working on locking in the venue, but I'm trying to set up a ticket order form at the moment, and will send an...
Sorry for the delay with getting my latest Securing Laravel In Depth article out, it's not due to security issues this time though - I've fractured my S5 sacrum, so I can only work on it in short...
It's official, the venue is locked, which means it's time to sell tickets, just in time for EOFY in AU too! 🎉Come along for a fun morning learning how to be a hacker, the day before Laracon AU on Wed...
It's time to review the Livewire Volt, Vue, and React Starter Kits! Let's see what vulnerabilities are hiding under the surface, and just how easy it is to fix them......
Oops, almost forgot to get a ticket to Laracon AU! 🤣Who else is coming in November? 🧐Oh and if you're coming to Laracon, you should totally come a day early for my Security Workshop on the Wednesday!...
w00t! 10 tickets to "Let's Hack!" Pre-Laracon AU workshop sold - only 20 left! 🎉"Let's Hack!" is built from "Th1nk Lik3 a H4cker", challenging you and teaching you the hacker mindset for your own apps!...
How secure is your Laravel app? 🧐You can't answer that by looking at your own code & it's WAY too easy to see what you expect to see, and without a fresh set of eyes, you'll never notice that RCE...