Channel: Stephen Rees-Carter :laravel:
Browsing all 424 articles

Article 19

You need to protect your .env file, and search engines like to snoop on all of your files, so be careful what you leave lying around! 😈 Or, in other words... Install your apps...



Article 18

Just a reminder that Securing Laravel subs are currently on sale for #longhornphp and #LaraconAU! (You don't need to attend to get the discount 🤫) Sign up for weekly security tips and monthly In Depth...



Article 17

I love picking on UUIDs, but in my defence, it's totally earned! 😈


Article 16

Day two @ #LaraconAU! It's gonna be another fun one, and don't forget to stick around to the very end! I'm last up, teaching you how to Th1nk Lik3 a H4acker. 🥷 This one's fully interactive, so bring your...


Article 15

Thanks to everyone who came to #LaraconAU - that was such an amazing conference, and the vibe in the room for my talk was incredible! 🥰 It was an absolute honour closing out the show. Oh, and thanks for...



Article 14

If you enjoyed my #LaraconAU talk and want to dig into more hacking challenges, check out Practical Laravel Security - my interactive hacking course aimed at Laravel and PHP...


Article 13

Currently working on a new In Depth for Securing Laravel - it's slightly late due to Laracon, but it's a highly requested one... Securing Apps on Forge → what I do when configuring and deploying apps on...


Article 12

Since it's "Black Friday Week", here are my offerings: Securing Laravel 🕵️ 👉 Get 25% off a new subscription 👉 https://securinglaravel.com/blackfriday23 Practical Laravel Security 🥷 👉 Get 25% off with...



Article 11

I've had this question many times, so let me take you through the steps I follow when provisioning and securing apps on Forge... https://securinglaravel.com/p/in-depth-securing-apps-on-forge [$]...



Article 10

Working on an audit with a long-time client, and it's always fulfilling to see my scripts that found a lot of stuff during my initial audit are now finding absolutely nothing of note. 🏆 Makes it all...


Article 9

When I started doing Security Audits full time in 2022, I wasn't sure where it'd go, but I just had one of my original clients renew for 2024, making it the third year of audits for them! 🎉 Thanks...


Article 8

Next Securing Laravel is scheduled and ready. 😁 Feels good to have it done in advance, after a few weeks of being behind. We're looking at a core PHP function this week. One I encountered in an audit a...


Article 7

Just how secure is PHP's `strip_tags()`? 🤔 Is it safe to use everywhere, or only in some situations, or should you avoid using it completely? 😕 Let's answer that question:...



Article 6

I'm really loving this new Substack feature where folks signing up for a paid subscription can leave encouraging notes for me. 🥰


Article 5

I've been reading The Hobbit for a very long time, and I've only just now realised that Gandalf used the same trick of introducing the dwarves to Beorn in small groups as he used to get them all into...



Article 4

Day 3 of 'rona smashing me around... Had a really great idea for a small but useful package, and absolutely no energy to make it happen. I'm also not going to get that course module out that I'd...


Article 3

We looked at `strip_tags()` last week, so we're finishing off the set with `e()`, `htmlspecialchars()`, & `htmlentities()` this week! 🤓 Do you know what the difference is, and when you should use...



Article 2

2 months later, and rehashing passwords on login is now back in Laravel! 🎉 It's coming in 11 to avoid breaking changes in 10. https://github.com/laravel/framework/pull/48665 #Laravel


Article 1

Before you reach for a hashing function, stop and think about what you're hashing and why you're hashing it... Often all you need is a random token, and using a hash to generate one ends up being...


Article 0

So, #Substack... 🤦 I really love the platform, and I had hope the leaders would actually grow a f**king conscience, but apparently I was mistaken. I think I'll need to migrate Securing Laravel somewhere...
