It's an old article about a feature from the Laravel 9 era, but still one that raises questions and needs careful consideration before you use it: Should you encrypt your environment files and commit...
Password length limits are often a sign of a legacy backend or insecure hashing, but did you know bcrypt only hashes the first 72 bytes? It raises the question, should we be limiting password...
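As an added illustration of the 72-byte point (example code written for this listing, not taken from the linked article): bcrypt keys on the first 72 bytes of the input and silently ignores the rest, and the limit is in bytes, not characters, so a check written with `mb_strlen()` or Laravel's character-based `max:` rule can pass a password that bcrypt will truncate. The example assumes plain PHP 8 with the built-in `password_hash()`; the `exceedsBcryptLimit()` helper is a hypothetical name.

```php
<?php
// Added example: bcrypt's 72-byte input limit and a byte-accurate check.
// Assumes plain PHP 8; exceedsBcryptLimit() is a hypothetical helper name.
declare(strict_types=1);

// A 72-byte ASCII password, then a longer one that differs only after byte 72.
$base   = str_repeat('a', 72);
$longer = $base . 'SOMETHING-EXTRA';

$hash = password_hash($base, PASSWORD_BCRYPT);

// bcrypt only uses the first 72 bytes, so the longer password verifies
// against the hash of the shorter one.
var_dump(password_verify($longer, $hash));

function exceedsBcryptLimit(string $password): bool
{
    // strlen() counts bytes, which is what bcrypt cares about.
    // mb_strlen() (and Laravel's max:72 rule, which also counts characters)
    // would under-report multibyte input.
    return strlen($password) > 72;
}

// 40 lock emoji: 40 characters, but 4 bytes each in UTF-8 (160 bytes).
$emoji = str_repeat("\u{1F512}", 40);
var_dump(mb_strlen($emoji));
var_dump(strlen($emoji));
var_dump(exceedsBcryptLimit($emoji));
```

The practical takeaway is that if you enforce a maximum before hashing with bcrypt, measure it in bytes; a character-based limit of 72 still lets multibyte passwords through to truncation.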
It's easy to make innocent changes to one part of your app and forget to check how that flows into other parts of your app... Such as leaking sensitive data that you thought was protected!...
Just locked in my first Laravel Security Workshop! 🎉 🔥 I've led sessions at conferences before, but this will be the first with a dev team, and the first I've fully organised myself. It's incredibly...
Do you use PHP's `serialize()` and `unserialize()` functions with user data? https://securinglaravel.com/p/security-tip-encodingserialising #Laravel
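An added example of why that question matters (written for this listing, not code from the linked tip): `unserialize()` instantiates whatever class name the serialized string names, restores its properties without running the constructor, and still fires magic methods such as `__destruct()`. The `CacheWriter` class and the payload below are constructed for illustration; the example assumes plain PHP 8 and writes only a harmless file under `/tmp`.

```php
<?php
// Added example: a serialization gadget and the safer alternatives.
// CacheWriter and the payload are hypothetical, constructed for this demo.
declare(strict_types=1);

// Hypothetical application class with a legitimate job (flush content to
// disk on destruction). It becomes a gadget once an attacker controls the
// serialized bytes: unserialize() restores the public properties without
// calling the constructor, and __destruct() still runs.
class CacheWriter
{
    public string $path = '';
    public string $content = '';

    public function __destruct()
    {
        file_put_contents($this->path, $this->content);
    }
}

// Constructed attacker payload, as it might arrive in a cookie or form field.
// In a real attack the path would be inside the web root and the content a
// PHP web shell; here it is a harmless text file under /tmp.
$payload = 'O:11:"CacheWriter":2:{s:4:"path";s:14:"/tmp/pwned.txt";'
    . 's:7:"content";s:19:"attacker-controlled";}';

// Unsafe: PHP instantiates CacheWriter from the class name in the payload,
// and __destruct() writes the attacker's file when the object is released.
$obj = unserialize($payload);
unset($obj);
var_dump(file_exists('/tmp/pwned.txt'));
@unlink('/tmp/pwned.txt');

// Safer: refuse to instantiate any class. The object comes back as
// __PHP_Incomplete_Class, so none of CacheWriter's magic methods run.
$safe = unserialize($payload, ['allowed_classes' => false]);
var_dump($safe instanceof __PHP_Incomplete_Class);
var_dump(file_exists('/tmp/pwned.txt'));

// Safest for untrusted input: JSON carries data, never class names.
$data = json_decode(
    '{"path":"/tmp/pwned.txt","content":"attacker-controlled"}',
    true,
    512,
    JSON_THROW_ON_ERROR
);
var_dump(is_array($data));
```

`allowed_classes => false` closes the object-instantiation door but still lets attacker-controlled structure through the parser, so for anything that crosses a trust boundary prefer JSON (or a signed/encrypted envelope the application verifies before decoding).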
If you need to generate passwords in your app, it's important to use a cryptographically secure algorithm. Laravel makes this easy by giving us the Str::password()...
Laravel is full of little helpers and features, and the Timebox is one that's often overlooked. 🧐 Wrap your code inside the Timebox, and timing differences become a lot harder to measure....
In less than 2 weeks, Laravel 10.x will no longer be supported, and PHP 8.1 has less than 12 months left! 😱 Do you have an upgrade plan?...
Kids go back to school tomorrow, which means (in theory), I'll be able to inject some quality distraction-free hours into my course. 🤞 I was hoping to have the Authentication module out last week, but...
Why treat all user input as strings when you can pull out specific values from Laravel's Request object and automatically cast them as the types you're...
Laravel's Request gives you a bunch of different helper methods for interacting with user input. Although I recommend just sticking with `$request->validate()`, there are a few useful ones for...
Well this is a new one... What's going on here? 🧐There are a few different aspects to this one, they definitely get points for creativity. 🤣
Love to see these numbers each morning, and getting very close to 4,000 subscribers! 🎉
While trying to come up with a security tip relating to Insecure Cryptography, my partner reminded me of a story she was once told about the SHA-3 competition. It's a great reminder that crypto is...
It's quite common to inject JSON into Blade templates for various use cases, but is it actually safe to do so? Not really... https://securinglaravel.com/security-tip-safely-rendering-json/ #Laravel
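An added example of the most basic failure mode (written for this listing, not code from the linked tip): a plain `json_encode()` result dropped into a `<script>` block lets a string value containing `</script>` close the tag early, and everything after it is parsed as fresh HTML and script. The JSON_HEX_* flags below are the same ones Blade's `@json` directive applies by default; the sample user record is constructed, and `renderUnsafe()`/`renderSafe()` are hypothetical helper names.

```php
<?php
// Added example: </script> breakout through json_encode(), and the flags
// that prevent it. Constructed sample data; helper names are hypothetical.
declare(strict_types=1);

// Attacker-controlled value, e.g. a display name saved through a profile form.
$user = ['name' => '</script><script>alert(document.cookie)</script>'];

function renderUnsafe(array $data): string
{
    // json_encode() leaves < and > untouched. The browser's HTML parser does
    // not understand JSON string boundaries, so the </script> inside the
    // value ends the script block and the rest becomes live markup.
    return '<script>window.user = ' . json_encode($data, JSON_THROW_ON_ERROR) . ';</script>';
}

function renderSafe(array $data): string
{
    // JSON_HEX_TAG encodes < and > as \u003C and \u003E; HEX_APOS, HEX_QUOT
    // and HEX_AMP handle quotes and ampersands. The output is still valid
    // JSON and a valid JavaScript literal, so nothing changes for the app.
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_THROW_ON_ERROR;
    return '<script>window.user = ' . json_encode($data, $flags) . ';</script>';
}

echo renderUnsafe($user), PHP_EOL;
echo renderSafe($user), PHP_EOL;

// Count the literal closing tags in each rendering: the unsafe version
// contains the payload's two plus the wrapper's one, the safe version only
// the wrapper's own closing tag.
var_dump(substr_count(renderUnsafe($user), '</script>'));
var_dump(substr_count(renderSafe($user), '</script>'));
```

The flags fix this one context (JSON as a JavaScript literal inside a script body). Putting the same JSON inside an HTML attribute or inside a quoted JavaScript string is a different context with different escaping needs, which is where the linked tip's "not really" comes from.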
Had a great intro call with the team for my security workshops in a few weeks! It's going to be a fun one, and they should get a lot out of it. But it got me thinking... maybe I should run a public...
Validating single values in Laravel is easy, but what about validating array inputs? https://securinglaravel.com/security-tip-validating-array-inputs/ #Laravel
For the nerdy folks interested in hashing, bcrypt, 72 bytes, and other weird cryptography things like that in Laravel, check out this PR: https://github.com/laravel/framework/pull/54509 🤓
Today's working music... Once Upon a Time: The Musical Episode. 🎶My one complaint: there are only 8 songs, I want more...
Let's explore a number of common ways developers fail authorisation in Laravel apps, and what you need to watch out for so you don't make the same...