Securing Laravel

The essential security resource for Laravel developers. [bridged from https://securinglaravel.com/ on the fediverse by https://fed.brid.gy/ ]

Longform Stories

Security Tip: Secure Your Repositories with Laravel Moat

[Tip #130] Laravel Moat is a new tool that assesses the security posture of your GitHub repositories and recommends ways to tighten the controls protecting them.

May 26·5 min read·923 words

Security Tip: The Signed URL Trap

[Tip #129] I love Signed URLs, but there is one very subtle trap you can accidentally fall into...

Apr 28·4 min read·691 words

In Depth: Don't Trust Public Livewire Properties

[In Depth #39] Public Properties may look like PHP class properties, but they're really hidden form fields, just waiting for your input... 😈

Apr 18·2 min read·282 words

Security Tip: Stop Putting Actions on GET Requests!

[Tip #128] Do you know the difference between GET and POST requests, and why it's so important that GET requests only ever retrieve data?

Mar 17·4 min read·634 words

Security Tip: Your JWT Might Be a Forever Key!

[Tip #127] Without an `exp` claim, a JWT can remain valid forever, turning a leaked token into permanent access.

Mar 9·3 min read·578 words

Security Tip: Validate Config at Boot

[Tip #126] Rather than checking for essential config when it's used, throw the checks in your Service Provider - you'll know about configuration failures before your users get a weird error.

Mar 2·3 min read·536 words

In Depth: Email Verification Isn't as Simple as You Think

[In Depth #38] You can't trust an email address you haven't verified, so why are you storing them in your database?

Feb 22·4 min read·763 words

Security Tip: Consider All Routes, Not Just Web!

[Tip #125] routes/web.php is boring and reliable, and routes/api.php is fancy, but have you forgotten one?

Feb 14·3 min read·478 words