valorin

Stephen Rees-Carter

Verified

@valorin

Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I write Securing Laravel and hack stuff on stage for fun. 😈 (he/him)

6 Answers 5K views

Securing Laravel (Newsletter)

twitter.com/valorin

phpc.social/@valorin (Fediverse)

valorin.bsky.social

LinkedIn

threads.net/@valorinsrc

github.com/valorin

Practical Laravel Security (Course)

Laravel Security Audits and Penetration Tests

Website

Conference Talks

/ 255

samlev

Samuel Levy

@samlev

What's your take on the NSW governments "password strength checker" service?

www.nsw.gov.au/id-support-nsw/be-prepared/passwords

valorin

Stephen Rees-Carter

Verified

@valorin

It's a good idea, in theory. Raising awareness about rubbish passwords is always good, and their strength checks seem ok.

However... it's full of tracking scripts and other BS, which could be compromised to steal passwords, and link then with IP addresses, etc. Which is typical govt missing the point. It should be a clean page without trackers. 🤦

5K views

?

Anonymously

Please release the Dropbear toolkit🤞 I'm handling all the deployments at my small company and I'm often just scared to do something silly and get hacked😂

valorin

Stephen Rees-Carter

Verified

@valorin

Working on it. 😁

5K views

?

Anonymously

Do you have any recommendations around security education or certifications that would improve our understanding of security?

valorin

Stephen Rees-Carter

Verified

@valorin

A lot of security education comes from just immersing yourself in the world by looking at vulnerability write ups, listening to podcasts like Darknet Diaries, etc.

In terms of certs, there are A LOT and the best ones to do depend on the flavour of security you're interested in, but a good starting point is the CompTIA Security+ cert. I really enjoyed that one when I did it and it gives a good introduction to a lot of security concepts.

5K views

?

Anonymously

How did you got into security?

valorin

Stephen Rees-Carter

Verified

@valorin

I'd been interested in it for many years, but it wasn't until I was looking for a side job and stumbled upon a job cleaning malware off infected WordPress sites at Wordfence that I really headed down this path properly.

I did that for a year, moved into their dev team to work on their internal tooling, did my security certs, and started speaking at conferences. It kinda grew from there.

5K views