Woah, apparently I've now published 151 postsl! 🎉

The fourth and final part of my Pentesting Laravel series is out! In this one I reinforce the benefits of reading the code, through a bit of impersonation. It's a fitting end to a fun series.

securinglaravel.com/in-depth-pentesting-laravel-part-4-reading-code-pays-off #Security

Working on part 4 of my Pentesting Laravel series, and I'm sneaking a few more security vulns into Chirper as I'm going along. Anyone paying close attention between the posts will notice some issues I find later on are missing in the earlier ones. 🤫

I've been trialling a "Quarterly Laravel Security Reviews" service, and a few slots have opened up next year! 🕵️

These are different from an annual audit/pentest, where you get a static report and 12 months to ignore it. Instead, I work with you throughout the year, reviewing code changes and PRs each quarter, to help you improve and maintain the security of your app(s). 🤓

I'm also available for your team to message at any time with security questions, and we can schedule the quarterly reviews around specific releases too.

Every team has different needs, and I can customise the reviews to meet yours. For some the reviews build a formal audit, while others wish for deep dives and a separate audit.

Reach out if you're interested, I'd love to work with you! 🙂

I'm speaking at #LaraconAU 2024. Hope to see you there!
laracon.au/tickets/it_69645593

Test suites aren't just for raw code expectations, it turns out you can also use them to encourage secure coding practices!

If you're using Pest, these are my recommendations: securinglaravel.com/security-tip-pests-security-preset-strict-equality #Security