Published on July 03, 2024 Yes, you do still need to worry about Type Juggling! Hey there, PHP is known for its loose types and type juggling, and in my opinion, this is one of it... Read more →
Published on January 29, 2024 The Many Forms of Missing Authorisation! Hey there! It's been a while since I last sent out an email, and even longer since there was a... Read more →
Published on June 05, 2023 Do you know what Blind SQLi is? Hey there! Do you know what Blind SQLi is? Blind SQLi is a method of SQL Injection attack where... Read more →
Published on May 04, 2023 CSRF protection with CORS & SameSite Cookies Hey there, I'm excited to let you know that I just released two new modules for Practical Lar... Read more →
Published on April 06, 2023 The first piece of the CSRF puzzle: CSRF Tokens Hey there, Following up from the release of last week's Cross-Site Request Forgery (CSRF) At... Read more →
Published on March 30, 2023 Cross-Site Request Forgery... how big of a risk is it? (Plus, it's out!!) Hey there, I know I've been a bit quiet recently, but I'm very excited to let you all kno... Read more →
Published on March 13, 2023 Practical Laravel Security update Dear friends, It's been a while since my last Practical Laravel Security update, so I want... Read more →
Published on February 10, 2023 The hard part about working in security... Hey there, Do you know what the hardest part about working in the security industry is? No one wan... Read more →
Published on February 03, 2023 Safely Handling HTML and Markdown! Hey there, It's been a while since my last update - sorry about that. January has been a busy... Read more →
Published on January 07, 2023 Escaping Output and Payment Plans! Hey there, I hope you all had a great holiday period and new year, and you have a great 2023! My pr... Read more →
Published on December 22, 2022 Opening the doors to Practical Laravel Security... Hey there, If you've been waiting for the news about Early Access to Practical Laravel Secur... Read more →
Published on December 18, 2022 Building the XSS Challenges Hey there! As I mentioned yesterday, I wanted to talk a bit about building the challenges within... Read more →
Published on December 17, 2022 Saturday is here and the Early Access is... not... Hey there! Well, Saturday is here and the Practical Laravel Security Early Access is... not...... Read more →
Published on December 10, 2022 Why practical security will make your apps more secure Hey there! There's more to security than just policy documents. You can't just work your... Read more →
Published on November 28, 2022 Should we block compromised passwords and require 2FA? Hey there! Since Practical Laravel Security is a security course, my security auditor brain wants m... Read more →