
hatslogic's avatar

What are the best security auditing tools for Laravel

I have an enterprise-level Laravel web application. We need to show proof that our tool is highly secure. We have been using Veracode, but it's getting highly expensive and getting false positives on Laravel core. Any other tools that are recommended? We need to do the following:

  1. We can test multiple code packages.
  2. It works well with Laravel so it doesn't pull up false positives on Laravel packages.
  3. It's easy to use so the team can run tests every month so we can show proof in our security processes.
0 likes
2 replies
fylzero's avatar

@hatslogic Security in an app is subjective. Laravel has a lot of ways to reduce attack surfaces. CSRF, throttling, it prevents SQL injection (so long as you avoid raw queries)... I don't think security is something you need to test monthly as much as something that can be documented and you can stay vigilant about protecting attack vectors as they become apparent.

23 likes
hatslogic's avatar

@fylzero Our app is being used in a big corporate company and it's their company policy to ensure that all tools are being audited for security. We need to prove that security audits are being conducted. We have all the code-related precautions covered.
