Laravel Security: Top 7 Mistakes Developers Make

I often see the question: “Is Laravel secure?”, and in this video, let’s take a look at what the framework offers, and how developers use or misuse the security features.

00:00 Intro
00:37 Blade XSS Attack
02:34 Protect Your .env File
04:34 Don’t Use $request->all()
05:53 File Upload: Client Data
06:38 APP_DEBUG=true in Production
08:17 CSRF and Route::get()
09:54 Rate Limiting

Links mentioned in the video:
– Blade: Displaying Unescaped Data https://laravel.com/docs/8.x/blade#displaying-unescaped-data
– How to use Laravel .env and .env.example files? https://blog.quickadminpanel.com/how-to-use-laravel-env-example-files/
– Danger of Using $request->all(), and How to Protect https://www.youtube.com/watch?v=QQS5oEOguRU
– Uploaded File Information: https://laravel.com/docs/8.x/filesystem#other-uploaded-file-information
– Configuration: Debug Mode https://laravel.com/docs/8.x/configuration#debug-mode
– Laravel .env.example: APP_XXX Values Explained https://www.youtube.com/watch?v=MeVXMKnRZuM
– CSRF Protection: https://laravel.com/docs/8.x/csrf
– Routing: Rate Limiting https://laravel.com/docs/8.x/routing#rate-limiting


Source: https://www.youtube.com/watch?v=dWVTfY6cMBs
