Laravel's config files are great, but don't forget to put sensitive values (i.e. secrets, passwords, tokens, etc) in your .env file! (or you might end up committing...
Security Tip: Why Parameterised Queries Are Important! aka Have you heard the story of Little Bobby Tables? 😉 https://securinglaravel.com/security-tip-parameterised-queries/ #Laravel
The Rings of Power has definitely found its groove, ep 7 was awesome, heart-breaking, shocking, and oh so satisfying, but I need ep 8 now! 😭 😱 🤗 #TheRingsOfPower
Sorry Arc Browser folks, I give it a try every so often, but the workflow is just too different and the Windows version likes to crash at really inconvenient times. (I lost a post I was writing this...
One of my personal pet peeves in Laravel has finally been fixed, thanks to some awesome work by Fabrice Locher! The Secure cookie attribute will now match the request protocol automatically! 🎉 (I'm very...
With Laracon AU sneaking up on us, it's time for me to refresh my "Laravel Security Audit Top 10 Issues" list from April 2023! I'm very curious to see if anything has moved around from last time....
Just a friendly reminder that I also offer budget-friendly Laravel Security Reviews: https://stephenreescarter.net/laravel-security-reviews/ If your app hasn't had a pentest before, a Security Review is...
Don’t trust user input! Don’t trust user input! And one more for good measure… Don’t trust user input! https://securinglaravel.com/security-tip-validating-user-input/ #Laravel
I think ep8 was my favourite Rings of Power episode! 🥰 So heartbreaking and incredible, paying off so many threads and setting up next season. Lots of tears were shed. 😭😭😭 Also, I'm pretty sure it...
This whole WP/ACF Responsible Disclosure kerfuffle got me thinking about doing a conference talk about Responsible Disclosure. 🤔 Would there be any interest in a talk like this at Laracon/PHP Confs? Also...
Test suites aren't just for raw code expectations, it turns out you can also use them to encourage secure coding practices! If you're using Pest, these are my recommendations:...
Submitted! 🤞I really hope this one gets picked, I'm super excited by the idea.
We need to be careful of sensitive data and where it gets passed around, especially when it relates to models and Javascript. Your sensitive data may be one "View Source" away from a breach......
Have you ever wondered what the `secure` flag on cookies does, and why it's important? It's designed to stop your cookies from being sent over unencrypted connections, and ending up in the hands of.....
I'm speaking at #LaraconAU 2024. Hope to see you there! https://laracon.au/tickets/it_69645593
Security isn't just about adding layers of defence, it's also about taking proactive steps to make securing stuff easier, such as in the case of the humble security.txt file - which makes it easier for...
Ugh, tradies turning up at 4:45pm for a 2+ hour job, when I specifically told them I needed to be out of the house by 5pm is just rude. 😡
After years of FUD about WordPress having insecure code, it's somewhat appropriate that what actually destroys all trust in WP has nothing to do with insecure code at all. 🙃 #WordPress