
BrownieCoffee

How to secure front-end and back-end project?

Hi there,

Happy New Year to You ;)

I need your help about security of project in general.

What are your tips/ideas to secure front-end and back-end of a project using Laravel?

Thank you in advance.

0 likes
7 replies
jlrdw

Well, you probably won't like the answer, but strong passwords, and make people log out. No remember me. Take the time to learn security well. Whatever RBAC you use, there will be a learning curve to properly implement it.

When using PDO direct, like the DB facade, bind your parameters. Also in QB and Eloquent "raw" expressions, bind when needed. For example, a simple count is not necessary, but for a more critical field, bind.

Properly install Laravel: on a shared host, the main app is above public_html. For D.O. etc., they have tutorials.

fylzero

@browniecoffee One thing I always tell newer devs... Validation... make your backend validation first and make it rock solid.

Front end validation has nothing to do with security... it is simply a UX enhancement / convenience to the user to not have to wait for the form to be submitted before seeing an error. It literally does nothing beyond that. If you implement front end validation and skip backend validation, your app will be hacked or messed with VERY quickly.

I suggest watching this amazing video from Laracon EU about how an app can be hacked into by not scrubbing data...

https://www.youtube.com/watch?v=kKGGVGiq2y8

If not using Laravel, make sure to implement CSRF protection on all of your forms.

Another good tip is not to expose too much in your APIs. Make sure you scope data only to users that should have it. Any time you are passing an id for information only the logged in user should have like profile info is a red flag. If you have a route that gets profile info like /profile/25 where the user id is 25 and you look that up on the backend using User::find($id) this can be bad because all a user has to do is change ids to access another user's profile. Obviously you can guard against that, but it would be better to use /profile and pull as Auth::user() on the backend.

Utilize Requests and Policies to write authorization and validate everything.

25 likes
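The two points from the reply above (deriving the subject from the session instead of the URL, and letting a FormRequest plus a Policy do authorization and validation), as an added example that is not from the thread or from Laravel's own docs. It assumes a default Laravel install: `App\Models\User`, the `auth` middleware, and policies in `app/Policies` picked up by auto-discovery; the three files are shown together for brevity.

```php
<?php
// Added example, not from the thread. Assumes a default Laravel install;
// the three pieces below normally live in the files named in the comments.
use App\Models\User;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Route;

// app/Policies/UserPolicy.php
class UserPolicy
{
    // A user may update only their own record, whatever id the URL carries.
    public function update(User $actor, User $target): bool
    {
        return $actor->id === $target->id;
    }
}

// app/Http/Requests/UpdateProfileRequest.php
class UpdateProfileRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Runs UserPolicy::update against the route-bound User; false ends
        // the request with a 403 before rules() is ever evaluated.
        return $this->user()->can('update', $this->route('user'));
    }
    public function rules(): array
    {
        // Server-side validation: the part a client cannot skip.
        return [
            'name'  => ['required', 'string', 'max:255'],
            'email' => ['required', 'email', 'max:255'],
        ];
    }
}

// routes/web.php
Route::middleware('auth')->group(function () {
    // Pattern the reply warns about: the id is client-controlled, so any
    // signed-in user can change 25 to 26 and read another profile.
    Route::get('/profile/{id}', fn (int $id) => User::findOrFail($id));
    // Preferred: the subject comes from the session, not from the URL.
    Route::get('/profile', fn () => request()->user());
    // Write path: implicit binding loads the User, and the FormRequest both
    // authorizes (via the policy) and validates before this closure runs.
    Route::put('/profile/{user}', function (UpdateProfileRequest $r, User $user) {
        $user->update($r->validated());
        return $user;
    });
});
```

With this in place, a PUT to `/profile/26` from user 25 is rejected by the policy with a 403 even though the id is in the URL, and invalid input is rejected by `rules()` regardless of any JavaScript validation on the form.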
martinbean

@browniecoffee Security in what context? Application security? Server security?

You can never be too secure. There’s no magical threshold you can cross where your application goes from being “not secure” to “secure”.

bugsysha

Laravel is pretty secure. If you follow the proposed guidelines from the documentation you should not have any issues, unless Neo from The Matrix wants to hack your app/site. Policies with validation will get you a long way unless you leave some holes.
