Securinglaravel.com

Securing Laravel

The essential security resource for Laravel developers.

Tags: developers essential resource security

Securinglaravel.com News

Security Tip: Limiting bcrypt Passwords to 72 Bytes!

https://securinglaravel.com/secu...

[Tip #106] Laravel 12 gives us the ability to reject passwords longer than 72 bytes for bcrypt, but you need to turn it on manually. Oh, and don't forget to add a validation rule, or you'll be throwing suspicious 500 server errors! 😱

11.3.2025 07:46

Security Tip: Run Your CSP in Local Development!

https://securinglaravel.com/secu...

[Tip #105] These are my top 3 tips for getting started with a Content Security Policy - as proven by a friend who went from failing security scans to passing with flying colours.

24.2.2025 07:00

Security Tip: Type Coercion in Broadcast Routes!

https://securinglaravel.com/secu...

[Tip #104] It's easy for type juggling to sneak into authorisation callbacks, especially when types are ambiguous, and if you're not careful, you may be leaving a massive hole waiting to be exploited! 😱

16.2.2025 06:00

In Depth: Common Authorisation Failures!

https://securinglaravel.com/in-d...

[In Depth #33] Let's explore a number of common ways developers fail authorisation in Laravel apps, and what you need to watch out for so you don't make the same mistakes!

10.2.2025 12:48

Security Tip: Don't Roll Your Own Crypto!

https://securinglaravel.com/secu...

[Tip #103] It's story time! Let's look at the SHA-3 competition as a reminder that crypto is hard... 😱

31.1.2025 04:00

Security Tip: Do You Have an Upgrade Plan?

https://securinglaravel.com/secu...

[Tip #102] In less than 2 weeks, Laravel 10.x will no longer be supported, and PHP 8.1 has less than 12 months left! Do you have an upgrade plan?

23.1.2025 03:00

Security Tip: Should You Limit Password Lengths?

https://securinglaravel.com/secu...

[Tip #101] Password length limits are often a sign of a legacy backend or insecure hashing, but did you know bcrypt only hashes the first 72 characters? It raises the question, should we be limiting password lengths when using bcrypt too? 🤔

15.1.2025 02:00

In Depth: Five Ways to Fail at Authentication

https://securinglaravel.com/in-d...

[In Depth #32] Let's explore 5 different "Authentication Fails" that I've come across, as a reminder for why it's so important to get authentication right.

7.1.2025 01:03

Security Tip: What If You Hashed Null?

https://securinglaravel.com/secu...

[Tip #100] One of the fun parts of doing my security audits is coming across unexpected code that looks exploitable, and trying it out myself to see what possibilities exist.

17.12.2024 11:01

Security Tip: Please Stop Hardcoding Admin Domains!

https://securinglaravel.com/secu...

[Tip #99] Let me tell you a story about a time when a single missing character allowed me to escalate my privileges and gain admin access, despite all the protections designed to stop me! 😈

11.12.2024 03:01

Security Tip: strip_tags() Won't Save You from XSS!

https://securinglaravel.com/secu...

[Tip #98] XSS doesn't just hide in