

I just subscribed to Laravel Security In Depth because I want to learn how to write secure applications! Where to start and what I shouldn't do!


For those wondering, yes that was Bag End in the background of my talk! 😁

1️⃣ What's your favourite security feature in the core framework?

2️⃣ What are your favourite third-party security features?

3️⃣ What's missing from the core you'd love to see added?


🔐 Time for the final talk of the day - Browsers are Magical Creatures by


Stay for the end of for my talk: Browsers are Magical Creatures! 🐲

Talking about browser security features: some are trivial and some bite!

25% off Laravel Security in Depth:

In Depth #9: Signed URLs

The ninth In Depth featured my absolute favourite feature in Laravel: Signed URLs! These things are pure awesome, and so simple to use. Seriously, go check them out, if you've never heard of them before! 🤓

Setting up my new office after moving house. This isn't my complete collection, I'm gonna need another shelf... 🤣

1️⃣ YouTube doesn't publish dislikes, so this number is complete rubbish.
2️⃣ These extensions estimate dislikes based off their users, most of whom use it to revel in dislikes.
3️⃣ I'm willing to bet the Venn diagram of haters for this vs The Rings of Power is a circle.




In Depth #8: Policy Objects

In the eighth In Depth, we talked about another common area that is often overlooked in Laravel apps. They also happen to be one of my favourite features, so I had fun sharing everything I knew about them.

A very exciting email arrived today from! 😄

Now to refresh the tracking status page every 5 minutes until it arrives...

This is your periodic reminder that if you're going to use a signed route in, don't forget to validate the signature.

Otherwise, someone like me can come along and use `?signature=💩`. (Or drop it entirely, but this way is more fun!) 😈
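As an added illustration of the point above (example code, not from the original post or the Laravel project), a Laravel route file contrasting a route that ignores the signature with one protected by the `signed` middleware. The route names, paths and the user id 42 are assumptions for illustration.

```php
<?php
// Added example (not from the original post): Laravel routes that only honour
// requests carrying a valid signature. Route names, paths and the user id are
// assumptions for illustration.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\URL;

// Weak: nothing checks ?signature= before the handler runs, so any value
// (or no signature at all) reaches the action.
Route::get('/unsubscribe-open/{user}', function (Request $request, string $user) {
    return "Unsubscribed user {$user} without validating the signature";
})->name('unsubscribe.open');

// Hardened: the 'signed' middleware (Illuminate\Routing\Middleware\ValidateSignature)
// aborts with 403 unless the HMAC in ?signature= matches the full URL and,
// for temporary links, ?expires= is still in the future.
Route::get('/unsubscribe/{user}', function (Request $request, string $user) {
    return "Unsubscribed user {$user}";
})->name('unsubscribe')->middleware('signed');

// Manual equivalent when the middleware cannot be attached to the route:
Route::get('/confirm/{user}', function (Request $request, string $user) {
    abort_unless($request->hasValidSignature(), 403);
    return "Confirmed user {$user}";
})->name('confirm');

// Generating the links to hand out. The signature is an HMAC keyed with APP_KEY
// over the URL and its query string, so changing the user or the expiry in a
// received link invalidates it.
$permanent = URL::signedRoute('unsubscribe', ['user' => 42]);
$temporary = URL::temporarySignedRoute('unsubscribe', now()->addMinutes(30), ['user' => 42]);
```

Requesting `/unsubscribe/42` with the `signature` parameter altered, dropped, or copied from a link for a different user returns 403 from the middleware instead of reaching the handler.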

Great video tip featuring my Protecting Production APIs tip, with an added idea for checking Cashier/Paddle sandbox mode.

Thanks! 😁


My new video of the day is based on the security tip by

Laravel 3rd-party Integrations: Secure Live API Keys


In Depth #7: Content Security Policy (CSP)

The seventh In Depth dived deep into CSPs, providing a solid overview of how they are used and how to configure them. It was tough to fit everything in, but it covers everything you need to get started! 🤓

In Depth #6: Timing Attacks

The sixth In Depth was absolutely screaming for an interactive demo, so I built enumeration challenges and we dived into the fascinating world of timing attacks... where even nanoseconds matter! 😲


Dear world,

Putting baby change stations in the women’s washroom (and maybe the family washroom if there is one) but not the men’s washroom sends a very clear message about whose responsibility you think raising children is, and frankly, I hate it.

A dad


Hey, is the `Expect-CT` header still relevant?
It's listed on as "Upcoming", but everything I see online says it was relevant a few years ago for a Chrome change that has been and gone?


A huge Ogier-sized welcome to all the new fans just discovering the show!

If you're interested in the world, but don't want massive book spoilers, might we recommend our podcast? Two experts and six newbies discussing the show with no spoilers!


In Depth #5: Rehashing Passwords

In the fifth In Depth, we dived into how passwords are hashed within Laravel and how you can safely migrate legacy password hashes (i.e. md5, sha1, etc.) to Bcrypt and Argon. It was quite technical but also very fascinating.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.