Just a friendly reminder that I also offer budget-friendly Laravel Security Reviews: stephenreescarter.net/laravel-security-reviews
If your app hasn't had a pentest before, a Security Review is a great way to check for any vulnerabilities before someone less friendly finds them. 🕵️
Stephen Rees-Carter
@valorin
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I write Securing Laravel and hack stuff on stage for fun. 😈 (he/him)
110 Posts • 7K Views
Woah, apparently I've now published 151 posts! 🎉
The fourth and final part of my Pentesting Laravel series is out! In this one I reinforce the benefits of reading the code, through a bit of impersonation. It's a fitting end to a fun series.
securinglaravel.com/in-depth-pentesting-laravel-part-4-reading-code-pays-off #Security
Working on part 4 of my Pentesting Laravel series, and I'm sneaking a few more security vulns into Chirper as I'm going along. Anyone paying close attention between the posts will notice some issues I find later on are missing in the earlier ones. 🤫
I've been trialling a "Quarterly Laravel Security Reviews" service, and a few slots have opened up next year! 🕵️
These are different from an annual audit/pentest, where you get a static report and 12 months to ignore it. Instead, I work with you throughout the year, reviewing code changes and PRs each quarter, to help you improve and maintain the security of your app(s). 🤓
I'm also available for your team to message at any time with security questions, and we can schedule the quarterly reviews around specific releases too.
Every team has different needs, and I can customise the reviews to meet yours. For some, the reviews build a formal audit, while others wish for deep dives and a separate audit.
Reach out if you're interested; I'd love to work with you! 🙂
I'm speaking at #LaraconAU 2024. Hope to see you there!
laracon.au/tickets/it_69645593
Test suites aren't just for raw code expectations; it turns out you can also use them to encourage secure coding practices!
If you're using Pest, these are my recommendations: securinglaravel.com/security-tip-pests-security-preset-strict-equality #Security