Safely Handling HTML and Markdown!


Hey there,

It's been a while since my last update - sorry about that. January has been a busy month, but I'm back home after Laracon EU and diving right into Practical Laravel Security!

HTML and Markdown

First up, I'm excited to announce that our third module, HTML and Markdown, has been published! This is the second module to go with our XSS module, alongside Escaping Output. If you've already signed up, head over and check it out!

In this module we explore how to safely render HTML, both from WYSIWYG (and other) editors and the raw HTML the user provides, and also take a look at Markdown and why it's not secure by default.

We also cover one of the big areas where Laravel is not secure by default. So you'll want to know about this!

Up next will be a new Attack module. I'm currently thinking about SQL Injection or Cross-Site Request Forgery (CSRF). Both will involve some rather fun challenges to go alongside the XSS challenges.

I'll send out an update when I get started so you know what's coming next. If there is something specific you're interested in learning about, let me know and I can bump it up the list!

Early Access Is Coming! 🎉

Now that the third module is ready, I'll be officially launching Early-Access next week on Thursday (Australian time)! 🎉

Early-Access gives you complete access to the first three modules: Cross-Site Scripting (XSS) including the challenges, Escaping Output, and HTML and Markdown. Together these encompass one of the most common attack vectors we see in Laravel apps. You'll also automatically get access to future modules as they are released.

If you haven't signed up yet, you'll want to get in now for the special presale price of $249 USD! I'll be raising the price when Early-Access launches.

Sign up for the presale

  • Payment Plans are available, just $89 USD for 3 months.

  • Team Pricing is available - contact me for details.

  • Student and PPP discounts are available, contact me for details.

Already signed up but don't have access?

If you've already signed up for the course but haven't set up your account yet, reply to this email and let me know. I can resend your invite email so you can get straight in. 🙂

Thanks for your interest and support of Practical Laravel Security! It's awesome to see so many people interested in security within the Laravel community.

Thanks,
Stephen