Laravel security
This one-day course is designed for Laravel developers who want to build secure applications from the ground up. You’ll learn to identify common vulnerabilities, apply Laravel’s built-in protections, and adopt best practices to secure authentication, authorization, input validation, and more.

Program:
Global configuration
- Basic PHP security
- Global configuration
- Sessions
- APP_KEY
The basics
- Raw PHP in views
- Input validation
- Logging and Error handling
- Updates and Backups
- Tricking bots
Cookies & sessions
- Global configuration
- Laravel specific
- Session fixation
Passwords & encryption
- Encrypt/decrypt data
- Password validation
- Reset passwords
Authentication & permissions
- Official packages
- Laravel Passport
- Gates and policies
- Users / roles / permissions
Rate limiting
- Usage
- Rate limit actions / routes / definition
File uploads & file storage
- What is it?
- Validation rules and Sanitization
- Storages configuration and usage
- Authorization / permissions / visibility
Mass assignment
- What is it?
- Expectation vs reality
- How to protect?
Excessive data exposure
- What is it?
- How to protect?
- Take away
SQL injection
- What is it?
- Prepared statements
- Parameter binding
- Dangers
- Take away
Cross-site scripting
- What is it?
- Controllers
- Templates
- Input sanitization
- External help
Cross-site request forgery
- What is it?
- CSRF token
- Middleware
- Forms
- X-CSRF-TOKEN and X-XSRF-TOKEN
Cross-origin resource sharing
- What is it?
- Configuration
- allowed_origins and supports_credentials
Gwendal Le Coguic - contact@glc.st - quotes on request - SIRET 79778302400038