In this module we explore how to safely render HTML, both from WYSIWYG (and other) editors and from raw HTML the user provides, and also take a look at Markdown and why it's not secure by default.
We also cover one of the big areas where Laravel is not secure by default. So you'll want to know about this!
Up next will be a new Attack module. I'm currently thinking about SQL Injection or Cross-Site Request Forgery (CSRF). Both will involve some rather fun challenges to go alongside the XSS challenges.
I'll send out an update when I get started so you know what's coming next. If there is something specific you're interested in learning about, let me know and I can bump it up the list!
Early Access Is Coming! 🎉
Now that the third module is ready, I'll be officially launching Early-Access next week on Thursday (Australian time)! 🎉
Early-Access gives you complete access to the first three modules: Cross-Site Scripting (XSS) including the challenges, Escaping Output, and HTML and Markdown. Together these encompass one of the most common attack vectors we see in Laravel apps. You'll also automatically get access to future modules as they are released.
If you haven't signed up yet, you'll want to get in now for the special presale price of $249 USD! I'll be raising the price when Early-Access launches.