"Links in this email will start with 'https://' and contain 'zip.co'", you mean like this? https:// phishing . zip . co . evilhacker . dev 😈 This is terrible advice... 🤦
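Added example, not part of the post above: the "starts with https:// and contains zip.co" rule from the post beside a stricter check that parses the URL and requires the host to be the expected domain or one of its subdomains. All hostnames and paths are constructed for illustration, and treating `zip.co` as the only legitimate domain is an assumption of the example.

```php
<?php
// Added example (not from the original post). All URLs below are constructed.
declare(strict_types=1);

/** The weak rule quoted in the post: prefix plus substring match. */
function naiveLooksLegit(string $url): bool
{
    return str_starts_with($url, 'https://') && str_contains($url, 'zip.co');
}

/**
 * Stricter rule: parse the URL, require https, and require the host to be
 * exactly $domain or end in ".$domain" (a label boundary, not a substring).
 * Assumes $domain is the only legitimate domain for these links.
 */
function hostBelongsTo(string $url, string $domain): bool
{
    $parts = parse_url($url);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        return false;
    }

    $host   = strtolower(rtrim($parts['host'], '.'));
    $domain = strtolower($domain);

    return $host === $domain || str_ends_with($host, '.' . $domain);
}

$urls = [
    'https://zip.co/pay/123',                       // genuine apex domain
    'https://checkout.zip.co/pay/123',              // genuine subdomain
    'https://phishing.zip.co.evilhacker.dev/login', // the post's example: zip.co is not the host
    'https://zip.co.evilhacker.dev/',               // look-alike prefix on another domain
    'https://evilhacker.dev/?next=zip.co',          // substring only appears in the query
    'https://zip.co@evilhacker.dev/',               // "zip.co" is userinfo, host is evilhacker.dev
];

foreach ($urls as $url) {
    printf(
        "%-48s naive=%-5s strict=%s\n",
        $url,
        naiveLooksLegit($url) ? 'true' : 'false',
        hostBelongsTo($url, 'zip.co') ? 'true' : 'false'
    );
}
```

The naive rule accepts every URL in the list; the strict rule accepts only the first two. Note that the userinfo case relies on `parse_url()` separating `zip.co@` from the host, which is why the check works on the parsed host rather than on the raw string.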
Without checking, is this code true or false when executed in PHP?
"0e123456789" == "0e987654321"
Poll options: true / false (8.x), true (<=7.x) / false
Securing Laravel's 3rd birthday (31st Aug) is in less than 2 weeks, and we're SO CLOSE to breaking the 4,000 subscriber mark! So this is a shameless reminder to go sign up @...
dump() interceptors in dev tools like Herd and Telescope are very helpful, but be careful you don't accidentally send dump() to...
I'm just about to hop on the first of my four (!!) flights to Laravel Live Denmark, which as per my tradition means Securing Laravel is now ON SALE! 🛫 Sign up now and get 25% off a premium...
I get this question all the time: Is strip_tags() secure? My answer is always: Yes and No. It depends how and where you use it, so let's take a look at some of the common use cases and...
Do you know the difference between `e()`, `htmlspecialchars()`, & `htmlentities()`, and can we just use `e()` for everything? https://securinglaravel.com/security-tip-escape-output-with-e/ #Laravel
Before you reach for a hashing function, stop and think about what you're hashing and why you're hashing it. Do you really need a hash for that, or are there better alternatives that provide more...
I love how every Laracon and Laravel Live feels unique, and Denmark is no exception! (And I am totally stealing one of those flags from the tables! 🤫)
PHP is fun. 🙃😎
> "0e123456789" == "0e987654321"
= true
I expected the majority of folks to get this wrong, but I'm fascinated by how the results are different between Twitter, LinkedIn, and Mastodon. 🤔
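Added example, not part of the poll or the answer post above: the comparison from the poll run three ways (loose `==`, strict `===`, and `hash_equals()`), plus the same "0e" shape appearing in real MD5 digests. The two strings from the poll are the post's own; the MD5 inputs `240610708` and `QNKCDZO` are well-known examples whose digests are `0e` followed only by digits, and the `isMagicHash()` helper is this example's own.

```php
<?php
// Added example, not from the original post.
declare(strict_types=1);

/** Loose comparison: two numeric strings are converted and compared as numbers. */
function looseEqual(string $a, string $b): bool
{
    return $a == $b;
}

/** Strict comparison: same type and same bytes. */
function strictEqual(string $a, string $b): bool
{
    return $a === $b;
}

/** Constant-time byte comparison for digests, tokens and signatures. */
function safeEqual(string $known, string $userSupplied): bool
{
    return hash_equals($known, $userSupplied);
}

/** Does a digest have the "0e" + digits shape that == treats as the number zero? */
function isMagicHash(string $digest): bool
{
    return preg_match('/^0e\d+$/', $digest) === 1;
}

$a = '0e123456789';
$b = '0e987654321';

// Both operands are numeric strings ("0 times ten to the power of ..."), so the
// loose comparison is 0.0 == 0.0 in PHP 7 and PHP 8 alike. Strict and constant-time
// comparison look at the bytes and disagree.
var_dump(looseEqual($a, $b), strictEqual($a, $b), safeEqual($a, $b));

// The same shape occurs in real digests. md5('240610708') and md5('QNKCDZO') each
// produce "0e" followed only by digits, so a check written as
// `md5($input) == $storedHash` accepts either input against the other's hash.
$h1 = md5('240610708');
$h2 = md5('QNKCDZO');
var_dump(isMagicHash($h1), isMagicHash($h2), looseEqual($h1, $h2), safeEqual($h1, $h2));
```

Only the `==` results come back true; `===` and `hash_equals()` both report the strings as different. For anything that is a digest, token or signature, compare with `hash_equals()` (constant time, strict on bytes), never with `==`.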
Day 2 at #LaravelLiveDK! 🎉 I'm on @ 2pm today, teaching you how to think like a hacker, and we'll have fun hacking into a vulnerable app together. So bring your hacking skills! 🕵️ 🥷 Plus, if you want to...
It may be the jetlag talking (1 flight done, 3 to go...), but I love this new beta feature in Fastmail: adding private notes to emails. I really missed this feature when I left HEY, so it's nice to be...
The number of business people I've seen leave their laptops unlocked and unattended in airport lounges on this trip is truly shocking. 🤦Don't y'all do security awareness training that literally tells...
I'm considering adding links to security-related tutorials and packages in the Laravel & PHP community to either my weekly Security Tip emails or in a new monthly email. 🧐 What do you think? I'll...
For those situations where you need to generate a repeatable hash or signature, reach for HMAC, rather than MD5 or SHA1. https://securinglaravel.com/security-tip-use-hmac-hashes-to-verify/ #Laravel
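Added example, not part of the post above: a repeatable, keyed HMAC-SHA256 signature beside an unkeyed SHA-1 digest, to show why only the keyed one lets a verifier detect tampering. The key, payloads and the `sign()`/`verify()`/`unkeyedDigest()` helper names are constructed for this example.

```php
<?php
// Added example, not from the original post. Key and payloads are constructed.
declare(strict_types=1);

/** Keyed signature: repeatable for the same payload, but only with the key. */
function sign(string $payload, string $key): string
{
    return hash_hmac('sha256', $payload, $key);
}

/** Verify in constant time; never compare signatures with == or ===. */
function verify(string $payload, string $signature, string $key): bool
{
    return hash_equals(sign($payload, $key), $signature);
}

/** Unkeyed digest: equally repeatable, but anyone can recompute it for any payload. */
function unkeyedDigest(string $payload): string
{
    return sha1($payload);
}

$key      = random_bytes(32); // in practice: config or a secret store, rotated if leaked
$payload  = json_encode(['order' => 1234, 'amount' => 4999]);
$tampered = json_encode(['order' => 1234, 'amount' => 1]);

// Honest party signs the payload; the verifier accepts the original and
// rejects the same signature presented with an altered payload.
$sig = sign($payload, $key);
var_dump(verify($payload, $sig, $key));
var_dump(verify($tampered, $sig, $key));

// An attacker who changes the payload can always recompute an unkeyed digest
// that matches it, so a SHA-1 "signature" proves nothing about who produced it.
$forgedDigest = unkeyedDigest($tampered);
var_dump(hash_equals(unkeyedDigest($tampered), $forgedDigest));

// Without the key the attacker cannot produce a valid HMAC for the altered payload.
$forgedSig = hash_hmac('sha256', $tampered, 'attacker-guess');
var_dump(verify($tampered, $forgedSig, $key));
```

The first and third checks succeed and the second and fourth fail: the HMAC ties the digest to the key, so a recomputed digest over a changed payload is rejected, while the unkeyed SHA-1 happily "verifies" the attacker's own forgery.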
Reflecting on some conversations at #LaravelLiveDK, and I'm realising there were a bunch of you I know online, but I totally didn't join the dots in person. 😧 Socialising is hard, I have a terrible...
As useful as it sounds, nl2br() can potentially leave you open to Cross-Site Scripting (XSS) vulnerabilities... you should reach for CSS...
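Added example, not part of the posts above, covering both the `e()` / `htmlspecialchars()` / `htmlentities()` post and this `nl2br()` post. It defines a plain-PHP stand-in for Laravel's `e()` so it runs without the framework (it calls `htmlspecialchars()` with `ENT_QUOTES | ENT_SUBSTITUTE` and UTF-8, which is what the helper wraps, but it is not the framework's code), then renders one constructed input unsafely with `nl2br()`, safely with escape-then-`nl2br()`, and with the CSS `white-space: pre-line` alternative. The input string and the `render*()` helper names are constructed for this example.

```php
<?php
// Added example, not from the original posts. Input is constructed.
declare(strict_types=1);

/** Stand-in for Laravel's e(): htmlspecialchars with the flags the helper uses. */
function e(string $value, bool $doubleEncode = true): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

/** Unsafe: nl2br() only inserts <br />; any markup in $text reaches the page intact. */
function renderUnsafe(string $text): string
{
    return nl2br($text);
}

/** Safe: escape first, then add the line breaks to the already-escaped string. */
function renderSafe(string $text): string
{
    return nl2br(e($text));
}

/** Alternative without nl2br(): escape, and let CSS honour the newlines. */
function renderWithCss(string $text): string
{
    return '<div style="white-space: pre-line">' . e($text) . '</div>';
}

// Constructed user input: a newline, a script tag, an ampersand, both quote styles
// and a non-ASCII character, so each escaping function's behaviour is visible.
$input = "Hi!\n<script>alert(document.cookie)</script>\nTom & Jerry's \"pets\" café";

echo "htmlspecialchars: ", htmlspecialchars($input), "\n";
echo "e():              ", e($input), "\n";
echo "htmlentities:     ", htmlentities($input), "\n\n";

echo "nl2br on raw input (XSS):\n", renderUnsafe($input), "\n\n";
echo "nl2br after e():\n", renderSafe($input), "\n\n";
echo "CSS white-space: pre-line:\n", renderWithCss($input), "\n";
```

Points to notice in the output: `htmlspecialchars()` escapes `&`, `<`, `>` and `"`, and escapes `'` only when `ENT_QUOTES` is in effect (the default since PHP 8.1, so on older versions `e()` and a bare `htmlspecialchars()` differ on single quotes); `htmlentities()` additionally converts characters such as `é` to named entities, which is unnecessary when the page is served as UTF-8. The unsafe render keeps `<script>` intact, the safe render emits `&lt;script&gt;` with `<br />` between lines, and the CSS variant needs no `nl2br()` at all.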
Did you know Laravel's URL validator lets you control which protocols you accept? My recommendation is to require HTTPS-only if possible, or limit it to only HTTP and HTTPS if you don't need special...
It’s an API, do I really need to escape anything? (Spoiler: yes you do!) https://blog.treblle.com/api-escaping-output-importance/
3 years ago I started a paid newsletter as an experiment, not knowing how much interest there would actually be...Now after 3 years, 90 Security Tips and 28 In Depth articles (+ a few special...