Course Outline is up and Presale is open!


Hey there!

Phew, finally reached the end of what turned out to be a very busy week! I was hoping to get the details of the course up earlier, but everything else conspired to get in the way - as is often the case. But the details are now up! AND I also got the presale launched! 🥳

A huge thanks to those who have already purchased the presale - you are pure awesome! Thanks so much for your support! 🥰

If you haven't purchased the presale yet, please consider doing so. The presale price is discounted and will only be available until I launch the first modules of the course, so signing up now will get you the cheapest price and give you access to everything included in the course when it launches. Buying the presale also helps me dedicate more time to get the course out sooner.

👉 Get the presale here: https://practicallaravelsecurity.com 👈

Note, if you have any questions about the pricing, are looking for PPP pricing, or discounted presale teams pricing, send me an email and I can get you sorted. 🙂

(I know Black Friday is next week, but there won't be any further discounts on PLS for Black Friday. Keep your eyes open for one for Laravel Security in Depth though. 😉)

About the Course

Since you've signed up here already, you know how important security is for developers. It may not even surprise you to know that the most common causes of vulnerabilities in Laravel apps are small mistakes and overlooked details that expose something. A lot of the time assumptions are made, tests are skipped, and vulnerabilities are born.

In my experience, the best way to find these vulnerabilities is to think like a hacker and look at code and applications in terms of "how can I attack this". When you do that, you'll discover you notice the subtle things, the small mistakes, or the insecure and less-robust code patterns. Once you recognise these, you'll see how someone can exploit the vulnerabilities in your code. And you'll know how to fix them!

With this in mind, Practical Laravel Security is broken up into three sections:

Attack

We're going to learn about common vulnerabilities and attacks on web apps, and Laravel apps specifically. First we'll cover the theory - what is it? How does it work? Why would they use it?

And then you'll learn how to do it yourself! Each module will give you hands-on practical exercises where you can put your new hacking skills to use!

We'll cover Cross-Site Scripting (XSS), SQL Injection (SQLi), Cross-Site Request Forgery (CSRF), Insecure Direct Object References (IDOR), Remote Code Execution (RCE), Server Side Request Forgery (SSRF), and a bunch more without friendly acronyms.

Defend

Of course, there's no point teaching you an attack without also teaching you how to defend against it. So in the Defend modules, I'll teach you exactly what tools you need to protect your site from the attacks you've just learnt.

The Attack modules will link through to Defend modules, so you can match up your hacking skills directly with the tools you need to defend against the attacks.

History

Finally, in the History section, you can learn from their mistakes. We'll look at previously disclosed vulnerabilities in Laravel and the community. I'll show you exactly what went wrong, and how they were fixed.

You can go check out the website for all the details: https://practicallaravelsecurity.com/

Course Structure

Ok, so... At a minimum the course will include full text articles for each module, as well as practical exercises. I haven't yet decided if I'll include videos for each module or not. They are by far the hardest medium for me to work with - but I'll see what I can do. For some attacks, a video would be incredibly helpful, so maybe I'll include videos with some.

Let me know your thoughts on this!

Regarding the practical exercises, some of them will pose a fun challenge to make safe. XSS and SQLi are easy - they can be done in the local browser and a read-only database connection, but allowing malicious file uploads and RCEs will open up some serious security controls... I really want to make them happen, so wish me luck!

Please tell others about PLS!

I would really appreciate it if you could share Practical Laravel Security with your dev circles, team mates, managers, and anyone else who might be interested. I don't have a huge reach - security isn't an easy industry to grow a large following in - so every bit helps. Retweet and Boost my posts, or post your own, it all helps. Thank you. 🥰

What about Laravel Security in Depth?

I mentioned this last week, but the list has grown significantly since then and I've had some questions on socials, so I wanted to reiterate this one.

Some of you may be wondering what's going to happen with my newsletter, Laravel Security in Depth? Nothing will change. 😁

The idea is that they complement each other, rather than overlap and reuse content. I love writing the emails each week, so I definitely want to make it unique. The course is focused on specific vulnerabilities and how to find and fix them in your own code, so it will be a very practical look at things. While the newsletter will look more at concepts, implementations, recent changes in Laravel, etc, looking into security implementations. Also looking at concepts like the OWASP Top 10 - which will guide the course in a way, but won't be featured directly.

Ok my friends, I believe that is everything I need to cover! Please let me know if you have any questions about the course. 🙂

If you don't already, you can follow me on Twitter (@valorin) and Mastodon (@valorin@infosec.exchange).

I hope you all have a great weekend!

Thanks,
Stephen