Stephen Rees-Carter @valorin@infosec.exchange
- Website
- https://stephenreescarter.net
- https://twitter.com/valorin
- Laravel Security
- https://larasec.substack.com
Audits the security of Laravel apps 🕵️
Hacks stuff on stage for fun 😈
Teaches Laravel Security at http://larasec.substack.com 🎇
Huge Tolkien fan 📖
he/him
Joined Apr 2022
A01:2021 - Broken Access Control email scheduled to go out in 7 hours. It's a long one folks, but we cover a lot of ground and I hope it proves to be a great resource. I've also linked to a lot of prior tips and In Depths, so there is plenty to dig into.
Next week... crypto! 🤓
Working on my first @owasp@twitter.com Top 10 email for Laravel Security in Depth, covering 'A01:2021 - Broken Access Control' and how it relates to @laravelphp@twitter.com. It's a topic I'm always talking about in my talks and security audits, so I've got a lot to say!
#Laravel https://larasec.substack.com/
Importantly the two pieces of personally identifiable information (financial info and password) that can be changed were not accessed. 🤨
Pity the ones you can't easily change were accessed... 🤦
#OptusHack
RT @DailyRoP@twitter.com
#TROPspoilers #TheRingsOfPower
This felt like it was straight out of JA Bayona's 'A Monster Calls'.
I love when TV and movies use animation to tell a story or fairytale, and the imagery here is gorgeous.
It's settled @GregSkerman@twitter.com, the Balrog has wings! 🥰
RT @tolkienarchives@twitter.com
🐦🔗: https://twitter.com/tolkienarchives/status/1573344577532182529
RT @ComfyConAU@twitter.com
It's coming. You asked for it.
🐦🔗: https://twitter.com/ComfyConAU/status/1573126917309726720
RT @DailyRoP@twitter.com
It's that time! @myelessar@twitter.com and I are back with a 2 hour discussion on #TheRingsOfPower Ep 4
Listen to Anna fail to beat the Adar simp allegations, as I lament Celebrimbor's sidelining, and lots more fun inbetween!
Episode 24 - Breakdown of Episode 4 http://sites.libsyn.com/428064/episode-24-breakdown-of-episode-4-with-anna
RT @JustSteveKing@twitter.com
This is a must have for any dev team! Whether you're a manager or not, security principles are a skill we all need!
Check it out!
#php #phpc #laravel https://twitter.com/valorin/status/1572269103397625856
🐦🔗: https://twitter.com/JustSteveKing/status/1572844525147545600
RT @ComfyConAU@twitter.com
Comfycon challenges @AISA_National@twitter.com. If we can assemble a quality, 100% female or non binary conference, for the weekend after the 18th November, that's the weekend after PerthSec, you make a donation to @awsn_au@twitter.com to the Project Friedman initiative for female first time speakers.
🐦🔗: https://twitter.com/ComfyConAU/status/1572540913108529155
Request: Stop replacing podcasts with "Spotify Audio" or YouTube videos.
I want to use my own podcast app to listen, not a walled garden or a media site that forgets what I was listening to and where I was up to!
RT @mattturck@twitter.com
Request: shorter podcasts.
🐦🔗: https://twitter.com/mattturck/status/1571617937206775810
📢 Hey, Tech Leads & Engineering Managers (and anyone else who manages devs)!
We're starting on the OWASP Top 10 next week in Laravel Security in Depth, sign up your team and I'll train them on essential @laravelphp@twitter.com security skills.🔥
Team signup @ https://larasec.substack.com/subscribe?group=true
RT @Bliss_Hughes@twitter.com
I feel like it doesn’t NEED to be said, but with The Two Towers having its’ 20th this year, we are STILL in the middle of celebrating #LOTR20.
The Lord of the Rings is truly timeless and inspired filmmaking.
🐦🔗: https://twitter.com/Bliss_Hughes/status/1572131372453724163
Can anyone suggest a good IoT pool thermometer? Wifi would be nice, so I don't need to stuff around with any other hardware.
We currently just have Google Home, but I'm interested in diving into Home Assistant.
RT @WOTWatchParty@twitter.com
You are summoned to the #WotWatchParty #Discord server - present yourselves! Choose spoiler & non-spoiler channels, share future episode ideas, interact with our panel, & maybe even get selected to be a guest on the show!
http://discord.gg/XAGDzNTvT2
#TwitterOfTime
#TheWheelOfTime
🐦🔗: https://twitter.com/WOTWatchParty/status/1571870801153998850
Starting next week: Laravel Security and the OWASP Top 10.🔥
Join me as we dive into the @owasp@twitter.com Top 10, covering a different risk each week and how they relate to @laravelphp@twitter.com security. This series is not to be missed!
https://larasec.substack.com/p/laravel-security-owasp-top-10-overview #Laravel
Surely you can detect malicious use too... It would follow a specific pattern and you could build some risk scores and throw up warnings.
But seriously @anydesk@twitter.com, why aren't there big scammer warnings I need to agree to before using your software??
There was absolutely nothing telling me a scammer might be using your software. It's a hard problem to solve but you're not doing anything...
Well that was fun, and a bit if a let down... strung along a eBay scammer for 30 minutes. They tried to install @anydesk@twitter.com (no surprise there!), and even after I got bored and told them who I was, they kept calling to try again. 🤣
Finally reached my favourite passage in The Hobbit.
Mr 6 fell asleep during it. Apparently my Smaug voice is very smooth and sleep inducing... Or maybe it was Smaug's dragon-spell. 🐲
In Depth #11: Insecure Direct Object Reference (IDOR)
In the eleventh In Depth we explored IDOR vulnerabilities through a series of fun interactive challenges, and learned about protecting routes and hiding information! 😈
https://larasec.substack.com/p/in-depth-insecure-direct-object-references
- Website
- https://stephenreescarter.net
- https://twitter.com/valorin
- Laravel Security
- https://larasec.substack.com
Audits the security of Laravel apps 🕵️
Hacks stuff on stage for fun 😈
Teaches Laravel Security at http://larasec.substack.com 🎇
Huge Tolkien fan 📖
he/him
Joined Apr 2022
