Just a friendly reminder that I also offer budget-friendly Laravel Security Reviews: stephenreescarter.net/laravel-security-reviews
If your app hasn't had a pentest before, a Security Review is a great way to check for any vulnerabilities before someone less friendly finds them. 🕵️
Stephen Rees-Carter
@valorin
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I write Securing Laravel and hack stuff on stage for fun. 😈 (he/him)
XSS doesn't just hide in <script> tags - it sneaks in through HTML attributes, links, and even inline styles! Don't rely on functions like strip_tags() to keep you safe...
securinglaravel.com/security-tip-strip_tags-wont-save-you-from-xss
w00t! My @LaraconAU talk is online!
I'm super proud of how this one turned out, given it started as a "vulnerabilities I'm sick of seeing everywhere" rant!
laracon.au/talks/stephen-rees-carter
#LaraconAU
Here's my Summary slide for those who wanted a copy (plus the QR code to all my links). 😁
Thanks for laughing at all of my terrible jokes, and for putting up with my obsessing over the word "intentional" on stage. 🤣
Thanks for having me, #LaraconAU!
Feels kinda weird to not be going to the airport during Laracon week, but it's very exciting to have @LaraconAU right here in Brisbane! 🎉
And since I'm speaking, tradition states that Securing Laravel has a sale:
👉 securinglaravel.com/laracon-au
#LaraconAU #Security
Took me an embarrassingly long time and a bunch of false turns, but I finally have a working Evil Portal on my Flipper. The question is: how to best deploy it at #LaraconAU? 😈
(Turns out, I had it configured right the first time, but outdated docs sent me in a totally wrong direction!)