security metrics for laravel website

is there any security metrics that is available or would you recommend to use for testing on a website made from laravel before going to live hosting?

miguel.nascimento

11 years ago

Level 2

Off the top of my head:

Set debugging to false. (I've stumbled upon dozens of sites where debugging was set to true and those sites would come up whenever I googled an error name that came up and I was trying to solve.)
Make sure all your DB queries are SQL-Injection proof. (i.e. use ORM).
Make sure all user input that is being displayed is escaped in blade. {{ }} instead of {!! !!}
Don't store credit card numbers.

JackD

11 years ago

Level 6

thanks bro, but sometime i have to use form in this kind of format

  <form method="POST" action="/ducks" novalidate>

            <div class="form-group">
                <label for="name">Name</label>
                <input type="text" id="name" class="form-control" name="name" placeholder="Somebody Important">
            </div>

            <div class="form-group">
                <label for="email">Email</label>
                <input type="email" id="email" class="form-control" name="email" placeholder="super@cool.com">
            </div>

            <div class="form-group">
                <label for="password">Password</label>
                <input type="password" id="password" class="form-control" name="password">
            </div>

            <div class="form-group">
                <label for="password_confirm">Confirm Password</label>
                <input type="password" id="password_confirm" class="form-control" name="password_confirm">
            </div>

            <button type="submit" class="btn btn-success">Go Ducks Go!</button>

        </form>

Please or to participate in this conversation.