
RT @lotje_kinable@twitter.com

I just subscribed to Laravel Security In Depth larasec.substack.com/?r=1q1khy because I want to learn how to write secure @laravelphp@twitter.com applications: where to start and what I shouldn't do!


For those wondering, yes that was Bag End in the background of my @LaraconOnline@twitter.com talk! 😁

1️⃣ What's your favourite @laravelphp@twitter.com security feature in the core framework?

2️⃣ What are your favourite third-party security features?

3️⃣ What's missing from the core you'd love to see added?

RT @LaraconOnline@twitter.com

🔐 Time for the final talk of the day - Browsers are Magical Creatures by @valorin@twitter.com youtube.com/watch?v=f4QShF42c6


Stay for the end of @LaraconOnline@twitter.com for my talk: Browsers are Magical Creatures! 🐲

Talking about browser security features: some are trivial and some bite!

Stream: youtube.com/watch?v=f4QShF42c6
Swag: laracon.net/swag
25% off Laravel Security in Depth: larasec.substack.com/laracon22

In Depth #9: Signed URLs

The ninth In Depth featured my absolute favourite feature in Laravel: Signed URLs! These things are pure awesome, and so simple to use. Seriously, go check them out, if you've never heard of them before! 🤓
larasec.substack.com/p/in-dept

Setting up my new office after moving house. This isn't my complete collection, I'm gonna need another shelf... 🤣

1️⃣ YouTube doesn't publish dislikes, so this number is complete rubbish.
2️⃣ These extensions estimate dislikes based off their users, most of whom use it to revel in dislikes.
3️⃣ I'm willing to bet the Venn diagram of haters for this vs The Rings of Power is a circle.

RT @RoboKnightShow@twitter.com

1 MILLION DISLIKES 💀


In Depth #8: Policy Objects

In the eighth In Depth, we talked about another common area that is often overlooked in Laravel apps. They also happen to be one of my favourite features, so I had fun sharing everything I knew about them.
larasec.substack.com/p/in-dept

A very exciting email arrived today from @WetaWorkshop@twitter.com! 😄

Now to refresh the tracking status page every 5 minutes until it arrives...

This is your periodic reminder that if you're going to use a signed route in @laravelphp@twitter.com, don't forget to validate the signature.

Otherwise, someone like me can come along and use `?signature=💩`. (Or drop it entirely, but this way is more fun!) 😈
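Here is an added example (not code from the post) of the difference the reminder is about: a Laravel route that is handed out as a signed URL but never validates it, beside two forms that do. The route names and paths are assumptions.

```php
<?php
// Added example, not code from the original post. Route names and paths are assumptions.
// The `signed` middleware alias maps to Illuminate\Routing\Middleware\ValidateSignature.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\URL;

// Issuing the link: Laravel appends ?expires=...&signature=<HMAC of the full URL, keyed with APP_KEY>.
function unsubscribeLink(int $userId): string
{
    return URL::temporarySignedRoute('unsubscribe', now()->addMinutes(30), ['user' => $userId]);
}

// Weak: the URL is *generated* signed, but the route never *validates* the signature.
// A request with ?signature=anything, or with the parameter stripped off, is handled as normal.
Route::get('/unsubscribe-unchecked/{user}', function (Request $request, int $user) {
    // ... acts for $user with no proof that this app issued the link
})->name('unsubscribe-unchecked');

// Fixed (option 1): the `signed` middleware checks signature and expiry and throws
// InvalidSignatureException (HTTP 403) before the closure runs.
Route::get('/unsubscribe/{user}', function (Request $request, int $user) {
    // ... safe to act for $user: the URL was issued by this app and has not expired
})->name('unsubscribe')->middleware('signed');

// Fixed (option 2): validate explicitly when you want custom handling, e.g. a friendlier error page.
Route::get('/unsubscribe-explicit/{user}', function (Request $request, int $user) {
    if (! $request->hasValidSignature()) {
        abort(403, 'This link is invalid or has expired.');
    }
    // ... same as above
})->name('unsubscribe-explicit');
```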

Great video tip featuring my Protecting Production APIs tip (larasec.substack.com/p/protect), with an added idea for checking Cashier/Paddle sandbox mode.

Thanks @PovilasKorop@twitter.com! 😁

RT @PovilasKorop@twitter.com

My new video of the day is based on the security tip by @valorin@twitter.com

Laravel 3rd-party Integrations: Secure Live API Keys youtube.com/watch?v=OG5OBAU0w7


In Depth #7: Content Security Policy (CSP)

The seventh In Depth dived deep into CSPs, providing a solid overview of how they are used and how to configure them. It was tough to fit everything in, but it covers everything you need to get started! 🤓
larasec.substack.com/p/in-dept

In Depth #6: Timing Attacks

The sixth In Depth was absolutely screaming for an interactive demo, so I built enumeration challenges and we dived into the fascinating world of timing attacks... where even nanoseconds matter! 😲
larasec.substack.com/p/in-dept

RT @aaronhoyland@twitter.com

Dear world,

Putting baby change stations in the women’s washroom (and maybe the family washroom if there is one) but not the men’s washroom sends a very clear message about whose responsibility you think raising children is, and frankly, I hate it.

Signed,
A dad


Hey @Scott_Helme@twitter.com, is the `Expect-CT` header still relevant?
It's listed on @securityheaders@twitter.com as "Upcoming", but everything I see online says it was relevant a few years ago for a Chrome change that has been and gone?
owasp.org/www-project-secure-h

RT @WOTWatchParty@twitter.com

A huge Ogier-sized welcome to all the new fans just discovering the show!

If you're interested in the world, but don't want massive book spoilers, might we recommend our podcast? Two experts and six newbies discussing the show with no spoilers!


In Depth #5: Rehashing Passwords

In the fifth In Depth, we dived into how passwords are hashed within Laravel and how you can safely migrate legacy password hashes (i.e. MD5, SHA1, etc.) to Bcrypt and Argon. It was quite technical but also very fascinating.
larasec.substack.com/p/in-dept

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.