RT @JustSteveKing@twitter.com

This is a must have for any dev team! Whether you're a manager or not, security principles are a skill we all need!

Check it out!

twitter.com/valorin/status/157

🐦🔗: twitter.com/JustSteveKing/stat

Technically it's because of the timezone, but this is a better reason! 🤣

RT @nikhilranka9@twitter.com

There's a reason why @valorin@twitter.com's talk was towards the end of @LaraconOnline@twitter.com - to ensure developers can remain sane and attend the rest of the event.
Great talk as always @valorin@twitter.com 🙌

🐦🔗: twitter.com/nikhilranka9/statu

RT @drmonkeyninja@twitter.com

There's about 3 months of security support left for PHP 7.4 and active support for PHP 8.0. If you haven't started planning to upgrade your apps, now is a good time to start.

Anything older than PHP 7.4 is already unsupported and really wants upgrading as soon as possible.

🐦🔗: twitter.com/drmonkeyninja/stat

CSPs are a great layer of security you can add to your site.

RT @freekmurze@twitter.com

🥳 Laravel CSP has reached 1M downloads
github.com/spatie/laravel-csp

😱 Why you need this: a story on harvesting credit card numbers with JS
medium.com/hackernoon/im-harve

🔐 A content security policy can restrict which requests a browser can make

✍️ Blogpost: freek.dev/982-using-content-se

🐦🔗: twitter.com/freekmurze/status/

RT @zend@twitter.com

Worried about security for your containerized application(s)?

Learn how to mitigate root privilege risks in this blog from @zend@twitter.com Product Manager @mwop@twitter.com >> ter.li/s2t52i

🐦🔗: twitter.com/zend/status/154700

It's out! 🥳
This month's Laravel Security In Depth covers Magic Emails - specifically One-Time Passcodes and Magic Links via email.

I've included some example code to make implementing your own OTPs easier.

larasec.substack.com/p/in-dept


Bumped my In Depth email to next week, so this week we've got a security tip about Type Juggling in PHP and why PHP 8 didn't completely fix it. 😈
larasec.substack.com/p/securit

(Spoiler alert: APIs are your weakness...)

If you're using packagist.org/packages/hautelo, you'll want to swap it out for something else and rotate your creds and keys ASAP.

The package was hijacked and modified to steal creds like AWS keys from your machines.

See: riskybiznews.substack.com/p/ri

Great list of Laravel accounts to follow by @AshAllenDesign@twitter.com, check it out and get some more Laravel in your feed. 😁

Because we all need more Laravel in our lives. 😎

RT @AshAllenDesign@twitter.com

Top 54 Laravel Twitter Accounts to Follow! 🚀

I've just published a new article on my blog with a list of the top accounts that every Laravel developer should be following.

Have I missed anyone off by accident?

ashallendesign.co.uk/blog/top-

🐦🔗: twitter.com/AshAllenDesign/sta

RT @Cloudways@twitter.com

Most of the site owners focus on the development part but not security. Therefore, websites created using are hacked very often 👨‍💻

Cloudways spoke with security teacher @valorin@twitter.com & got some amazing insights into tackling this issue here ⬇
bit.ly/3v8t1zo

🐦🔗: twitter.com/Cloudways/status/1

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.