Challenge #3 completed! I am very excited to see how folks go with this. It's unlike any of the other challenges and should prove a bit of fun, and frustration.
I've had some Audit/Pentest clients unexpectedly pull out, leaving me with slots in Dec-Jan that I need to fill! If you're new to Pentesting, or it's been a while, now is a great time. I focus on...
I've heard from some folks (ok, one person) that they didn't realise Securing Laravel and Practical Laravel Security were different (my fault for the similar names!), so I thought I'd explain the...
Securing Laravel is my mailing list & "blog". I write weekly Tips and monthly In Depth articles on all aspects of security for Laravel and PHP devs. The Tips are free, while the In Depth articles...
Practical Laravel Security is a hands-on text-based course designed around a series of interactive hacking challenges that teach you how specific vulns work, followed by defences. My theory is that if...
In summary: Securing Laravel is a weekly mailing list and website full of free security tips and paid in depth articles. Practical Laravel Security is a paid text-only interactive course structured as a...
Here's that idea I'd like feedback on: Would you be interested in Practical Laravel Security included as a perk of a high priced tier on Securing Laravel? I.e. You sign up for Securing Laravel on a...
Long time coming, but the first 3 challenges in the Injection module on https://practicallaravelsecurity.com are now live! They take you through Local File Inclusion, Object Manipulation, and PHP...
The other awesome thing I added to Practical Laravel Security is a free demo, so if you're curious how the course works and the structure of the courses, check it out!...
Proud hacker parent moment: While I'm lying on the couch feeling sick, Mr 8 took my phone without asking, scanned the QR code on his Switch, used my finger to unlock 1Password, and let himself into the...
Took me an embarrassingly long time and a bunch of false turns, but I finally have a working Evil Portal on my Flipper! The question is: how to best deploy it at #LaraconAU? (Turns out I had it set up...
Feels kinda weird to not be going to the airport during Laracon week, but it's very exciting to have Laracon AU right here in Brisbane! And since I'm speaking, tradition states that Securing Laravel...
Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without...
Is it just me, or does anyone else look for the Timing Pattern every time they see a QR code?
Ever clicked a link that looked legitimate, but took you somewhere unexpected? This is how an Open Redirect works: you can see you're clicking on a safe domain, but you're redirected away and probably...
Here's my Summary slide for those who wanted a copy (plus the QR code to all my links). Thanks for laughing at all of my terrible jokes, and for putting up with my obsessing over the word...
Encryption is essential, but you can't just install a certificate and go about your day... Secure those cookies, redirect from HTTP, and HSTS FTW!...
Just received a rather lovely and encouraging email, but I'm not quite sure how to respond... (Someone really needs to teach this guy how Google works!)
After that rather interesting email I posted yesterday, it's nice to come across actual encouraging comments about Securing Laravel. It's comments like this that make all of the hard work worth it, and...