Woah, apparently I've now published 151 posts! 🎉
The fourth and final part of my Pentesting Laravel series is out! In this one I reinforce the benefits of reading the code, through a bit of impersonation. It's a fitting end to a fun series.
securinglaravel.com/in-depth-pentesting-laravel-part-4-reading-code-pays-off #Security
Test suites aren't just for raw code expectations, it turns out you can also use them to encourage secure coding practices!
If you're using Pest, these are my recommendations: securinglaravel.com/security-tip-pests-security-preset-strict-equality #Security
Don’t trust user input!
Don’t trust user input!
And one more for good measure…
Don’t trust user input!
securinglaravel.com/security-tip-validating-user-input #Security
Security Tip: Parameterise your Parameter Names!
(aka yet another example for why you should Never Trust User Input!)
securinglaravel.com/security-tip-parameterise-your-parameter-names #Security
We talk a lot about keeping our app dependencies updated, but we can't forget our tools like Composer also need updates too!
Let's take a look at a vulnerability discovered in Composer back in February as an example of why this is so important!
securinglaravel.com/security-tip-keep-your-tools-updated #Security