Channel: Stephen Rees-Carter :laravel:
Browsing latest articles
Browse All 434 View Live

Article 2

Ok folks, repeat after me: Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on debug mode in production! Do not turn on...

Article 1

Ok, fine. This is actually XSS and not specifically related to debug mode. 🤷 Therefore... Repeat after me: Escape your outputs! Escape your outputs! Escape your outputs! Escape your outputs!

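What "escape your outputs" looks like in code, as an added example that is not from the post above. In Laravel, Blade's `{{ $value }}` calls the `e()` helper for you and `{!! $value !!}` does not; this is plain PHP 8 so it runs without the framework, and the `$payload` string is a constructed attacker input, not real data.

```php
<?php
// Added example, not from the original post: what "escape your outputs" means in
// practice. Blade's {{ $value }} does this by calling e(); {!! $value !!} skips it.
// Plain PHP 8 so it runs without a framework.

declare(strict_types=1);

// Same flags Laravel's e() helper passes to htmlspecialchars().
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// $raw === true behaves like {!! $name !!}: the value is trusted as HTML.
function renderGreeting(string $name, bool $raw = false): string
{
    $rendered = $raw ? $name : escapeHtml($name);

    return "<p>Hello, {$rendered}!</p>";
}

// HTML escaping is the wrong tool inside a <script> block. JSON-encode with the
// HEX flags so <, >, &, ' and " cannot close the string or the tag.
function toJsLiteral(mixed $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR,
    );
}

// Constructed attacker-controlled input (think: a display name from a form).
$payload = '<img src=x onerror="alert(document.cookie)">';

echo "Unescaped ({!! !!}): ", renderGreeting($payload, raw: true), PHP_EOL;
echo "Escaped   ({{ }}):   ", renderGreeting($payload), PHP_EOL;
echo 'JS context:          <script>const name = ', toJsLiteral($payload), ';</script>', PHP_EOL;
```

The point of the third line is that escaping is context-specific: the HTML-escaped form is safe between tags but not inside a JavaScript string or a URL, so pick the encoder for the context the value lands in.
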
Article 0

Long overdue, but I finally tagged v1.0 of valorin/random! 🎉 The only significant change is removing string support in pick(), and returning the same type. The rest is pretty stable, and works from PHP...


Article 1

This is gonna be a fun one! 🤓 If you have any security questions about the new Laravel Starter Kits, let me know and I'll try to fit it in!


Article 0

Unexpected benefit of Laravel Cloud - spinning up test apps for vulnerability scanning. 😈

Article 0

Sorry folks, I'll have to delay my In Depth on the Starter Kits until next week. I'm 4k words deep into it so far (and somehow only covered the first?! 😲) but a few things outside my control mean I...


Article 1

Laravel 12 introduced a seemingly minor change: image validation now excludes SVGs by default. 🤔 Let's take a look at why this is so important!...


Article 0

I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun! "it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie...

Article 1

Temporary URLs for file access are an essential piece of the security puzzle, which up until "recently" were only available out-of-the-box for the S3 driver in Laravel. Now you can easily generate them...

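How a temporary URL works under the hood, as an added example that is not from the post above: the server signs the path and an expiry with a secret it never hands out, and the download endpoint refuses anything with a bad signature or a past expiry. Laravel's `Storage::temporaryUrl()` does this job for you; this is a plain PHP 8 version, and the signing key, base URL and file path are constructed for the demo.

```php
<?php
// Added example, not from the original post: an HMAC-signed, expiring file URL in
// plain PHP 8. Laravel's Storage::temporaryUrl() does the equivalent for you.

declare(strict_types=1);

// Server-side secret, constructed for the example. In a real app derive it from
// APP_KEY or a dedicated secret; it must never reach the client.
const SIGNING_KEY = 'constructed-demo-key-0123456789abcdef0123456789abcdef';

// Fixed key order so signer and verifier hash exactly the same bytes.
function canonicalQuery(string $path, int $expiresAt): string
{
    return http_build_query(['path' => $path, 'expires' => $expiresAt]);
}

function makeTemporaryUrl(string $baseUrl, string $path, int $expiresAt, string $key = SIGNING_KEY): string
{
    $signature = hash_hmac('sha256', canonicalQuery($path, $expiresAt), $key);

    return $baseUrl . '?' . canonicalQuery($path, $expiresAt) . '&signature=' . $signature;
}

function verifyTemporaryUrl(string $url, int $now, string $key = SIGNING_KEY): bool
{
    $queryString = parse_url($url, PHP_URL_QUERY);
    if (!is_string($queryString)) {
        return false;
    }
    parse_str($queryString, $params);

    // All three fields must be present and scalar; arrays (path[]=...) are rejected.
    foreach (['path', 'expires', 'signature'] as $field) {
        if (!isset($params[$field]) || !is_string($params[$field])) {
            return false;
        }
    }
    if (!ctype_digit($params['expires'])) {
        return false;
    }

    // The signature covers both path and expiry, so neither can be altered alone.
    $expected = hash_hmac('sha256', canonicalQuery($params['path'], (int) $params['expires']), $key);
    if (!hash_equals($expected, $params['signature'])) {
        return false; // constant-time comparison against timing leaks
    }

    return $now < (int) $params['expires']; // refuse once the window has closed
}

$now = time();
$url = makeTemporaryUrl('https://app.example/files', 'invoices/2025-03.pdf', $now + 300);
$tampered = str_replace('2025-03', '2025-04', $url); // attacker swaps the path

echo $url, PHP_EOL;
var_dump(verifyTemporaryUrl($url, $now));         // case: fresh, untouched URL
var_dump(verifyTemporaryUrl($url, $now + 301));   // case: same URL after expiry
var_dump(verifyTemporaryUrl($tampered, $now));    // case: path edited, signature stale
```

Two details carry the security: `hash_equals()` rather than `===` for the signature comparison, and the expiry being inside the signed data so a client cannot simply bump the `expires` value.
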
Article 0

Proud pentester moment: One of my clients just hit me with a @ThinkstCanary Canary Token! 🤩🐷🔑


Article 0

Since my security review of the Laravel Starter Kits has stalled for <reasons>, I've embarked on a new In Depth article. 👉 In Depth: What Actually Is MFA? 👈 What do you folks wanna know? I'll try...


Article 0

I need to write more succinctly - I'm trying to finish off my MFA article, and it's at 4.5k words... 😲 Just need to cover Passkeys and then it'll be good to send out.


Article 1

I love seeing even one 👍 show up after sending out an In Depth article on Securing Laravel. 🥰 It means someone cared enough to read through the whole article, get to the very bottom, find the ratings...

Article 0

MFA, 2FA, 2SV, DFA... 🙃 Something you know/have/are... 🤨 Let's figure out this MFA thing and why it's so important! 🤓 https://securinglaravel.com/in-depth-what-actually-is-mfa/ #Laravel


Article 0

Security headers add important layers of defence to your apps, preventing data leaks, XSS and CSRF attacks, clickjacking, and more... Why are you leaving your apps unprotected?...

Article 3

Setting up a CSP doesn't have to be a daunting task! Let's take a look at some tips for getting started with CSPs, without breaking...

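A starter set of security headers with a Content-Security-Policy that begins in report-only mode, covering both the security-headers post and the CSP post above. This is an added example, not code from either post or from Laravel: plain PHP 8 that you would normally run as response middleware, with a per-response nonce so inline scripts you keep can be allowed without `'unsafe-inline'`. The `/csp-report` endpoint is an assumed path.

```php
<?php
// Added example, not from the original posts: security headers plus a CSP that starts
// in report-only mode. Plain PHP 8; in Laravel set these on the response in middleware.
// The /csp-report endpoint is assumed to exist.

declare(strict_types=1);

// One fresh nonce per response; every inline <script> you intend to keep carries it.
function cspNonce(): string
{
    return base64_encode(random_bytes(16));
}

// Builds the CSP header. While $reportOnly is true, browsers report violations to
// report-uri but block nothing, which shows what enforcing would break.
function buildCspHeader(string $nonce, bool $reportOnly): array
{
    $directives = [
        'default-src'     => ["'self'"],
        'script-src'      => ["'self'", "'nonce-{$nonce}'"],
        'style-src'       => ["'self'"],
        'img-src'         => ["'self'", 'data:'],
        'object-src'      => ["'none'"],
        'base-uri'        => ["'self'"],
        'form-action'     => ["'self'"],
        'frame-ancestors' => ["'none'"],     // clickjacking protection
        'report-uri'      => ['/csp-report'], // assumed endpoint
    ];

    $parts = [];
    foreach ($directives as $directive => $sources) {
        $parts[] = $directive . ' ' . implode(' ', $sources);
    }

    $name = $reportOnly ? 'Content-Security-Policy-Report-Only' : 'Content-Security-Policy';

    return [$name, implode('; ', $parts)];
}

// The rest of the usual set; none of these need per-response state.
function staticSecurityHeaders(): array
{
    return [
        'X-Content-Type-Options'    => 'nosniff',
        'X-Frame-Options'           => 'DENY',
        'Referrer-Policy'           => 'strict-origin-when-cross-origin',
        'Strict-Transport-Security' => 'max-age=31536000; includeSubDomains',
        'Permissions-Policy'        => 'camera=(), microphone=(), geolocation=()',
    ];
}

$nonce = cspNonce();
[$cspName, $cspValue] = buildCspHeader($nonce, reportOnly: true);

foreach (staticSecurityHeaders() + [$cspName => $cspValue] as $name => $value) {
    header("{$name}: {$value}");
    echo "{$name}: {$value}", PHP_EOL;
}

echo "<script nonce=\"{$nonce}\">console.log('allowed by nonce');</script>", PHP_EOL;
```

Run it in report-only until the report endpoint goes quiet, then flip `reportOnly` to `false`. Two caveats: `report-uri` is the older reporting mechanism and `report-to` is its successor, so keep both if your browsers mix; and `Strict-Transport-Security` is only honoured over HTTPS, so do not expect it to do anything on a plain-HTTP dev box.
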

Article 2

Any folks in the EU or UK area interested in hosting an in-person Laravel security workshop for their company or community around the mid-end of August? 🕵️I'm planning to go to #LaravelLiveDK again...

Article 1

Dev tools are really helpful, but they are still just dev tools. Don't install them on production... or anywhere world-accessible, if you can avoid it....


Article 0

I get asked this all the time, so it's time to set the record straight: there is nothing insecure about storing your credentials in a .env, as long as you keep your .env...


Article 0

I'm totally not begging for subscribers, but I just need 20 more to hit 4k. 🥺 🙏 😇 https://securinglaravel.com/
