I've had some really lovely feedback from folks after my 3-year retrospective post on Securing Laravel yesterday. Thank you all so much for the kind words and support, it means so much to be in such a...
Every time I have to look up the OWASP Top 10 to check which position something is in, I always feel like a fraud. Surely I should remember this stuff by now, right? 😕 I'm researching for an article...
Found this in a security article under the heading "Defending against SSRF attacks". The advice is good, the suggested code example is... not. 🤦
Something I often find during my security audits: vulnerable code, such as SQLi, which is accidentally protected by other code. 🙃 It's always frustrating to go from finding SQLi and doing a Dr Evil...
I guess that is exactly what I asked for, but I thought Copilot would give me at least some form of security warning? 🤷 🤣 Any guesses what I need this code for?
Are you still using #Laravel 10 (or older), and if so, do you have an upgrade to Laravel 11 planned? This is your periodic reminder that you need to upgrade your Laravel to the latest version (i.e. 11)...
We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too! Let's take a look at a vulnerability discovered in Composer back in February...
I was hoping to have my latest In Depth for Securing Laravel out today, but it's not quite done yet and it's past midnight here, so I'm clocking off and will finish it tomorrow. In the meantime, here's...
We talk a lot about protecting password reset and login forms, but don't forget about the humble registration form; it can provide attackers with crucial intel!...
One thing I miss from Substack was the email length limit warning. The In Depth is pushing the limit (I've probably already hit it), so it's time to wrap up and send. Sooo much good stuff in this one -...
NEW In Depth: Pentesting Laravel part 3 - Looking for "Interesting" Code! It's time to spend some time looking for smelly or suspicious code, searching for common patterns and functions that usually...
I'm looking forward to getting Securing Laravel directly onto ActivityPub, as per: https://phpc.social/@index@activitypub.ghost.org/113136556605595943 Has some cool potential, although may lock me into...
Working on a new audit and ran through all the searches (and more) that I featured in my last In Depth, have had zero hits... 😲Normally I get a couple of suspicious things that need digging into, but...
You may have heard of the /.well-known/ path, and the security.txt file, but there is a new one you should be aware of too: /.well-known/change-password. It should redirect to your change password form,...
Keeping our Laravel apps secure is all about adding layers of security, so if one layer is compromised, there is always another layer in place. 👹🧅 You can follow this principle by defining a custom...
Laravel Security Tip: Don't Forget About Policy Filters! Policy Filters let you implement shared authorisation checks across your entire policy without repeating code in every method....
TROP ep 6 was so awesome, Annatar is perfect. 😈 Can we have ep 7 and 8 now? 🥺 #TheRingsOfPower
Security Tip: Parameterise your Parameter Names! (aka yet another example of why you should Never Trust User Input!) https://securinglaravel.com/security-tip-parameterise-your-parameter-names/ #Laravel
Some great reflections from Platformer about the move from Substack to Ghost. I've noticed similar with Securing Laravel, a slow down in new subscribers and paid subscriptions, but less...
I've been trying to learn the Glove80, plus an optimised keymap (Engram) with advanced functions, for a few months to help with the arthritis, but I feel like I'm getting nowhere... 😔 Keyboard nerds:...