Working on my first @owasp@twitter.com Top 10 email for Laravel Security in Depth, covering 'A01:2021 - Broken Access Control' and how it relates to @laravelphp@twitter.com. It's a topic I'm always talking about in my talks and security audits, so I've got a lot to say!
larasec.substack.com/

RT @JustSteveKing@twitter.com

This is a must have for any dev team! Whether you're a manager or not, security principles are a skill we all need!

Check it out!

twitter.com/valorin/status/157

🐦🔗: twitter.com/JustSteveKing/stat

Starting next week: Laravel Security and the OWASP Top 10.🔥

Join me as we dive into the @owasp@twitter.com Top 10, covering a different risk each week and how they relate to @laravelphp@twitter.com security. This series is not to be missed!

larasec.substack.com/p/laravel

Technically it's because of the timezone, but this is a better reason! 🤣

RT @nikhilranka9@twitter.com

There's a reason why @valorin@twitter.com's talk was towards the end of @LaraconOnline@twitter.com - to ensure developers can remain sane and attend the rest of the event.
Great talk as always @valorin@twitter.com 🙌

🐦🔗: twitter.com/nikhilranka9/statu

1️⃣ What's your favourite @laravelphp@twitter.com security feature in the core framework?

2️⃣ What are your favourite third-party security features?

3️⃣ What's missing from the core you'd love to see added?

12 months ago I started a little mailing list called Laravel Security in Depth, with the ambitious idea to send out weekly emails about @laravelphp@twitter.com Security...

12 months of emails later and it's going strong with over 1k subscribers! 🥳

larasec.substack.com/p/12-mont

New LSID email out soon, although not the planned anniversary challenge or an In Depth. A few big things sucked up my time this week, and I wanted to do a retrospective look at the past 12 months instead. 🥰

The challenge is coming...
larasec.substack.com/ @laravelphp@twitter.com

I've had some availability open up, so if you're looking for a Laravel Security Audit and Penetration Test, DM me! 🕵️

I specialise in Laravel security audits and have helped many dev teams find and fix some 😱 critical vulnerabilities.
valorinsecurity.com

Thinking about a Security Audit / Penetration Test for your app? 🕵️

I've got some availability in the next few months I'm looking to fill, and I'd love to hack your site to help you improve your security. 😁

Send me a DM or go to valorinsecurity.com

RT @michaeldyrynda@twitter.com

What interesting things are people in the ecosystem working on? Not just packages, but also content being produced. Who are you following and what are they sharing?

🐦🔗: twitter.com/michaeldyrynda/sta

RT @valorin@twitter.com

Thinking about a @laravelphp@twitter.com security audit/pentest?

I've just had some availability open up in November, and would love to hack your site!
um...
I mean...
Help you improve the security of your site. 😉

Send me a DM or go to: valorinsecurity.com/

🐦🔗: twitter.com/valorin/status/155

Wow, someone skipped forward to challenge #5 first 😲, but it is the most fun, so I get it.
(🤫 bypass a @laravelphp@twitter.com signed url 😈)

Give it a try and let me know how you go: larasec.substack.com/p/in-dept

New Laravel Security In Depth on Insecure Direct Object References (IDOR)! 🤓

This was so much fun to put together. I built 5 new challenges to explore and play with. See if you can get through to the end without peeking! 😈 🙊 🔒
larasec.substack.com/p/in-dept

It's out! 🥳
This month's Laravel Security In Depth covers Magic Emails - specifically One-Time Passcodes and Magic Links via email.

I've included some example code to make implementing your own OTPs easier.

larasec.substack.com/p/in-dept


Bumped my In Depth email to next week, so this week we've got a security tip about Type Juggling in PHP and why PHP 8 didn't completely fix it. 😈
larasec.substack.com/p/securit

(Spoiler alert: APIs are your weakness...)
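The "APIs are your weakness" point, as an added example that is not code from the newsletter: with form-encoded input PHP only ever sees strings, but a JSON body lets the client choose the PHP type that `json_decode()` produces (and Laravel's `$request->input()` hands those decoded types back unchanged). PHP 8 made `0 == "abc"` false, but bool and numeric-string comparisons still juggle. The stored token and the `verifyLoose`/`verifyStrict` helpers are constructed for this demo.

```php
<?php
// Added example (not from the linked newsletter or Laravel's own code):
// why PHP 8's saner int-vs-string comparison did not end type juggling
// once request data arrives as JSON, where the client picks the types.
declare(strict_types=1);

// Constructed secret for the demo; a real app would load it from storage.
const STORED_TOKEN = 's3cr3t-token';

// Vulnerable check: loose comparison against attacker-typed input.
function verifyLoose(mixed $submitted): bool
{
    return $submitted == STORED_TOKEN;
}

// Hardened check: reject anything that is not a string, then compare in
// constant time. hash_equals() throws a TypeError on non-strings, so the
// is_string() guard turns a wrong-typed value into a clean "denied".
function verifyStrict(mixed $submitted): bool
{
    return is_string($submitted) && hash_equals(STORED_TOKEN, $submitted);
}

// Form-encoded input: PHP only ever gives you strings here, and a
// non-numeric string compared with another string is compared as text.
$form = ['token' => '0'];
var_dump(verifyLoose($form['token']));

// JSON input: the client picks the PHP type that json_decode() produces.
//   0     -> int:   PHP 8 compares int vs non-numeric string as strings, so no match
//   true  -> bool:  bool vs any non-empty string casts the string to true, so MATCH
//   []    -> array: never loosely equal to a string
foreach (['0', 'true', '[]'] as $payload) {
    $body = json_decode('{"token": ' . $payload . '}', true);
    printf("%-5s loose=%s strict=%s\n",
        $payload,
        var_export(verifyLoose($body['token']), true),
        var_export(verifyStrict($body['token']), true));
}

// Numeric-string juggling is also untouched by PHP 8: both operands are
// "numeric strings", so == compares them as numbers (0e12345 is 0.0).
var_dump('0e12345' == '0e67890');
var_dump(0 == '0e12345');
```

Run it with `php juggling.php`: only the `true` payload slips past `verifyLoose`, and nothing slips past `verifyStrict`. The fix is not "use PHP 8" but "never use `==` on request data": validate the type (Laravel's `string` validation rule, or `is_string()`), then compare with `===` or `hash_equals()`.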

RT @phpmagazin@twitter.com

is full of , which help you write beautiful quickly and produce first-class applications. Likewise, the has many .

@valorin@twitter.com analyses Laravel with regard to .

➡️app.entwickler.de/ARa0Ymdv9pb

🐦🔗: twitter.com/phpmagazin/status/

RT @freekmurze@twitter.com

🔐 Laravel can encrypt model attributes out of the box. Very handy / needed when storing third party API keys in your DB.
laravel.com/docs/master/eloque

Make sure to use a custom key for the encryption so your main app key remains rotatable
stephenreescarter.net/custom-k

🐦🔗: twitter.com/freekmurze/status/
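One way to give encrypted attributes their own key, as an added example that is neither Laravel's built-in `encrypted` cast nor code from the linked blog post: a custom Eloquent cast that wraps `Illuminate\Encryption\Encrypter` with a key read from config instead of `APP_KEY`. The config name `services.vault.key` and the class name are assumptions for this example.

```php
<?php
// Added example (not Laravel's own `encrypted` cast, not the linked post's code):
// an Eloquent cast that encrypts a column with a dedicated key, so rotating
// APP_KEY does not require re-encrypting every row. Assumes a config value
// `services.vault.key` (hypothetical name) holding a base64-encoded 32-byte key:
//   php -r "echo base64_encode(random_bytes(32)), PHP_EOL;"

namespace App\Casts;

use Illuminate\Contracts\Database\Eloquent\CastsAttributes;
use Illuminate\Encryption\Encrypter;
use RuntimeException;

class EncryptedWithCustomKey implements CastsAttributes
{
    private Encrypter $encrypter;

    public function __construct()
    {
        $key = base64_decode((string) config('services.vault.key'), true);

        // Fail closed: a missing or wrong-length key must not silently fall
        // back to something weaker.
        if ($key === false || strlen($key) !== 32) {
            throw new RuntimeException('services.vault.key must be a base64-encoded 32-byte key');
        }

        // Same AES-256-CBC + HMAC construction Laravel uses for APP_KEY,
        // but with our own key material.
        $this->encrypter = new Encrypter($key, 'aes-256-cbc');
    }

    // Database -> model: decrypt (and verify the MAC) on read.
    public function get($model, string $key, mixed $value, array $attributes): ?string
    {
        return $value === null ? null : $this->encrypter->decryptString($value);
    }

    // Model -> database: encrypt on write.
    public function set($model, string $key, mixed $value, array $attributes): ?string
    {
        return $value === null ? null : $this->encrypter->encryptString((string) $value);
    }
}

// Usage on a model (hypothetical model and column):
//
//     protected $casts = [
//         'api_key' => \App\Casts\EncryptedWithCustomKey::class,
//     ];
//
// Then $model->api_key is plaintext in PHP and ciphertext in the database.
```

`decryptString()` throws `Illuminate\Contracts\Encryption\DecryptException` if the MAC does not verify, so a row encrypted under a different key (or tampered with) fails loudly rather than returning garbage. Keep `services.vault.key` in the environment alongside `APP_KEY`, never in the repository.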

Following my theme of underrated @laravelphp@twitter.com features, this month's In Depth is everything I know about Signed URLs! 🤓

For a minor feature with a small section in the docs, there is a lot to unpack and learn. 📖

Check it out here: larasec.substack.com/p/in-dept

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.