Laravel Security Through Examples

In this series, we'll use examples of weaknesses and vulnerabilities that are commonly found in Laravel applications to illustrate the variety of security concerns you need to be aware of as a Laravel developer. This includes general SQL injection attacks, serialization, validation, and much more. Ready to get started?

Series Info

Episodes: 12
Run Time: 2h 37m
Difficulty: Intermediate
Last Updated: Mar 9, 2023
Version: Latest

Series Episodes (12)

    1. Deploying Securely

      To kick off this series, we'll review some of the basics that you absolutely need to be doing when making your app world-accessible.
    2. Missing Authorisation

      In this episode, we'll look at a very common weakness I've found in most apps that I've audited: missing authorisation.
    3. Validation

      Next, let's discuss why validating user input is so vitally important for protecting your applications. We'll also touch on password rules, mass assignment limitations, and more!
    4. SQL Injection, Sqlmap, and the Apostrophe Trick

      It's easy to overlook SQL injection when you use a fully-featured ORM like Eloquent, but SQLi vulnerabilities can still sneak in if you're not careful. In this lesson, I'll demonstrate the single apostrophe trick, and how to use sqlmap to find SQLi vulnerabilities.
    5. Never Trust User Input

      This next lesson illustrates one of the most important pieces of security advice that I can offer you. Never, ever trust user input. Let's explore why!
    6. Markdown Security Concerns

      I've got some bad news for you... Markdown isn't safe! Well, at least not by default. Let's take a look at why and how we can make Markdown safe to use in your own projects.
    7. Sensitive Attributes

      It's important to remember that passing data to the browser as part of an API call is very different from rendering a server-side application. If you need to pass data to the browser, you must be aware of exactly which attributes you're actually passing.
    8. Why Rate Limiting is a Must

      Let's next have a look at what rate limiting is, and why it's so critical to the security of your applications. I'll show you a variety of examples of how, without it, common passwords can be brute-forced.
    9. Signed Routes

      Let's next dive into one of my favorite Laravel features: signed routes! These make it incredibly easy to protect and secure sensitive routes with only two lines.
    10. Type Juggling

      Not only is type juggling one of PHP's superpowers, but it's also, if you're not careful, one of its biggest weaknesses. Let's explore why, the pitfalls of PHP 7.4, and what the upgrade to PHP 8 changed.
    11. The Only Cryptographically Secure Random Functions You'll Ever Need

      It's important to learn from others' mistakes, so let's take a look at a few simple but critical flaws that I've encountered with "crypto."
    12. Deserialisation Attacks...and the Solution

      Let's finish up by exploring a deserialisation attack and how it works in the context of a PHP application. We'll use this attack to gain shell access to a user's machine.
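
The missing-authorisation weakness from episode 2, as an added example that is not part of the series: a controller that is authenticated but never asks whether *this* user may touch *this* post, the policy that answers that question, and an alternative that scopes the lookup so unowned records simply do not exist. The Post/User models, the `user_id` and `is_admin` columns and the route names are assumptions for the demo.

```php
<?php
// Added example (not from the series). Post/User models, the user_id and
// is_admin columns and the route names are assumptions for the demo.

use App\Models\Post;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;

// Vulnerable: the 'auth' middleware proves WHO is calling, not WHETHER they
// may act. Any logged-in user can edit any post by changing the ID in the
// URL (an IDOR). Validation does not help; the request body is fine.
class PostControllerVulnerable
{
    public function update(Request $request, Post $post)
    {
        $post->update($request->validate(['body' => ['required', 'string']]));

        return redirect()->route('posts.show', $post);
    }
}

// app/Policies/PostPolicy.php: the one place that answers "may this user do
// X to this post?". Laravel auto-discovers App\Policies\PostPolicy for
// App\Models\Post, so no registration is needed.
class PostPolicy
{
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->user_id || (bool) $user->is_admin;
    }
}

// Fixed: ask the policy before acting. Gate::authorize() throws an
// AuthorizationException, which Laravel renders as a 403, when it says no.
class PostController
{
    public function update(Request $request, Post $post)
    {
        Gate::authorize('update', $post);

        $post->update($request->validate(['body' => ['required', 'string']]));

        return redirect()->route('posts.show', $post);
    }
}

// Alternative that cannot be forgotten per method: scope the lookup to the
// caller. A post that is not theirs is a 404, and nothing about it leaks.
class PostControllerScoped
{
    public function update(Request $request, int $id)
    {
        $post = $request->user()->posts()->findOrFail($id);

        $post->update($request->validate(['body' => ['required', 'string']]));

        return redirect()->route('posts.show', $post);
    }
}
```

The same check can be attached declaratively with `->middleware('can:update,post')` on the route; whichever form you choose, the audit question is the same for every route that takes an ID: where is the line that ties this record to this user?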
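
Episode 3 pairs validation with mass-assignment limits; as an added example that is not from the series, here is a registration handler in its vulnerable and hardened forms. The column names, the `is_admin` flag and the password rule thresholds are assumptions for the demo.

```php
<?php
// Added example (not from the series). Column names, the is_admin flag and
// the password thresholds are assumptions for the demo.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules\Password;

// app/Models/User.php (stand-in). $fillable is an allow-list of columns that
// mass assignment may set; is_admin is deliberately absent. A model with
// `protected $guarded = [];` has no such list and takes every key it is given.
class User extends \Illuminate\Foundation\Auth\User
{
    protected $fillable = ['name', 'email', 'password'];
}

// Vulnerable on two counts: nothing is validated, and every request field
// is handed to the model. On a model with $guarded = [], a POST body of
// {"name":"x","email":"x@example.com","password":"x","is_admin":1}
// creates an administrator.
function registerVulnerable(Request $request): User
{
    return User::create($request->all());
}

// Fixed: an explicit rule set, then persist only the validated keys.
// validate() returns just the keys named in the rules, so is_admin cannot
// survive even if the model's $fillable were later loosened.
function registerSafe(Request $request): User
{
    $data = $request->validate([
        'name'     => ['required', 'string', 'max:255'],
        'email'    => ['required', 'string', 'email', 'max:255', 'unique:users,email'],
        'password' => [
            'required',
            'confirmed', // requires a matching password_confirmation field
            Password::min(12)->letters()->numbers()->uncompromised(),
        ],
    ]);

    return User::create([
        'name'     => $data['name'],
        'email'    => $data['email'],
        'password' => Hash::make($data['password']),
    ]);
}
```

`Password::uncompromised()` checks the candidate against the Have I Been Pwned range API (k-anonymity, only a hash prefix leaves the server), which is what makes a length rule meaningful against the brute-force lists episode 8 demonstrates. The two controls are independent: `$fillable` protects every code path that calls `create()`/`update()`, and validation protects the one handler it sits in; keep both.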
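
The apostrophe trick from episode 4, as an added example that is not part of the series. To run stand-alone it uses PDO over an in-memory SQLite database rather than Eloquent; the equivalent Laravel calls are given in the comments, and the table and rows are constructed for the demo.

```php
<?php
// Added example (not from the series). Uses PDO + in-memory SQLite so it runs
// without Laravel; the Laravel equivalents are in the comments. The table
// and its rows are constructed for the demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (email, is_admin) VALUES ('alice@example.com', 1), ('bob@example.com', 0)");

// Vulnerable: the value is spliced into the SQL text. Laravel forms of the
// same mistake:
//   DB::select("select * from users where email = '$email'");
//   User::whereRaw("email = '$email'")->get();
function findByEmailVulnerable(PDO $pdo, string $email): array
{
    return $pdo->query("SELECT id, email FROM users WHERE email = '$email'")->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the value travels as a bound parameter and is never parsed as SQL.
// Laravel forms:
//   DB::select('select * from users where email = ?', [$email]);
//   User::where('email', $email)->get();
function findByEmailSafe(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->execute([$email]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Step 1 of the trick: send a lone apostrophe. If the input reaches the SQL
// text it closes the string literal early and the database throws a syntax
// error; a bound parameter just searches for the literal string "'".
try {
    findByEmailVulnerable($pdo, "'");
    echo "vulnerable version: no error (input did not reach the SQL text)\n";
} catch (PDOException $e) {
    echo "vulnerable version: syntax error, so the input is interpreted as SQL: {$e->getMessage()}\n";
}
echo 'safe version: ' . count(findByEmailSafe($pdo, "'")) . " rows for a lone apostrophe\n";

// Step 2: once the error confirms injection, turn it into a tautology.
// This is the point at which you would hand the parameter to sqlmap.
$payload = "x' OR '1'='1";
echo 'vulnerable version: ' . count(findByEmailVulnerable($pdo, $payload)) . " rows for the tautology payload\n";
echo 'safe version: ' . count(findByEmailSafe($pdo, $payload)) . " rows for the tautology payload\n";

// Caveat: bindings cover values only. Identifiers (the column in orderBy(),
// a table name) cannot be bound, so allow-list them instead of trusting input:
//   $sort = in_array($request->input('sort'), ['name', 'created_at'], true)
//       ? $request->input('sort') : 'created_at';
//   User::orderBy($sort)->get();
```

On a production host the syntax error in step 1 is normally swallowed by a generic 500 page rather than echoed, which is why a blank 500 on a single quote, with a 200 on two quotes (`''`, a valid empty literal), is itself a positive signal.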
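
For episode 7's sensitive attributes, an added example that is not from the series: one User model rendered two ways, and the two Laravel controls (`$hidden` on the model, an API Resource as an allow-list) that decide what reaches the browser. The column names and the relation names are assumptions for the demo.

```php
<?php
// Added example (not from the series). Column and relation names are
// assumptions for the demo.

use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\JsonResource;

// app/Models/User.php
class User extends Authenticatable
{
    // Everything NOT listed here is emitted by toArray()/toJson(), which is
    // what runs for `return $user;` in a controller, for @json($user) or
    // Js::from($user) in Blade, and for Inertia/Livewire props. Any relation
    // that happens to be loaded is serialized along with it.
    protected $hidden = [
        'password',
        'remember_token',
        'two_factor_secret',
        'stripe_customer_id',
        'internal_notes',
    ];
}

// A Blade view picks attributes by name ({{ $user->name }}), so nothing else
// leaves the server. This API endpoint ships every column except $hidden,
// plus $user->roles or $user->orders if anything eager-loaded them.
class LeakyUserController
{
    public function show(User $user)
    {
        return $user;
    }
}

// app/Http/Resources/UserResource.php: an allow-list. A column added next
// month is private until someone adds it here, which is the direction you
// want the default to point.
class UserResource extends JsonResource
{
    public function toArray($request): array
    {
        return [
            'id'    => $this->id,
            'name'  => $this->name,
            // email only to the account's owner; omitted from the JSON otherwise
            'email' => $this->when($request->user()?->is($this->resource), $this->email),
        ];
    }
}

class UserController
{
    public function show(Request $request, User $user)
    {
        return new UserResource($user);
    }
}
```

`$hidden` is a deny-list and can be overridden at runtime with `makeVisible()`, so treat it as the safety net and the Resource as the contract. The quick audit is to grep for controllers and Blade templates that serialize a model wholesale (`return $model`, `@json(`, `Js::from(`, `->toJson(`) and check each against the model's columns.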
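
Episode 8's rate limiting, as an added example that is not from the series: a login limiter keyed on the IP only, next to one keyed on the target account as well, plus the same treatment for a two-factor code. The limit values, the controller names and the `login.id` session key are assumptions for the demo.

```php
<?php
// Added example (not from the series). The limit values, controller names and
// the 'login.id' session key are assumptions for the demo.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

// app/Providers/RouteServiceProvider.php, inside configureRateLimiting():

// Weak: keyed on the source address only. An attacker spreading attempts
// across a proxy pool never reaches 5/minute from any one address, while a
// whole office behind one NAT is locked out by a single bad actor.
RateLimiter::for('login-weak', function (Request $request) {
    return Limit::perMinute(5)->by($request->ip());
});

// Better: key on the account under attack, so credential stuffing against
// one user is capped regardless of source, and add a per-IP ceiling so
// spraying one password across many accounts from one host is capped too.
// Returning an array applies every limit.
RateLimiter::for('login', function (Request $request) {
    $account = strtolower(trim((string) $request->input('email')));

    return [
        Limit::perMinute(5)->by('login:' . $account . '|' . $request->ip()),
        Limit::perMinute(100)->by('login-ip:' . $request->ip()),
    ];
});

// A 6-digit OTP is 10^6 guesses; without a limiter that is seconds of work.
// Key on the pending login, not the IP.
RateLimiter::for('two-factor', function (Request $request) {
    return Limit::perMinute(5)->by('2fa:' . $request->session()->get('login.id') . '|' . $request->ip());
});

// routes/web.php: the throttle middleware answers 429 with a Retry-After
// header once a limit is hit.
Route::post('/login', [\App\Http\Controllers\LoginController::class, 'store'])
    ->middleware('throttle:login');
Route::post('/two-factor-challenge', [\App\Http\Controllers\TwoFactorController::class, 'store'])
    ->middleware('throttle:two-factor');
```

Two deployment caveats: the counters live in the configured cache store, so with the `file` or `array` driver on several app servers each node keeps its own count and the effective limit multiplies; use Redis or the database cache. And if the app sits behind a load balancer, `$request->ip()` is the balancer's address until the trusted-proxy configuration is set, which turns the per-IP limit into a global one.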
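
The "two lines" of episode 9, as an added example that is not part of the series: a signed, expiring unsubscribe link. The route name, the User model, the `subscribed` column and the expiry are assumptions for the demo.

```php
<?php
// Added example (not from the series). Route name, model, the 'subscribed'
// column and the 7-day expiry are assumptions for the demo.

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\URL;

// routes/web.php. Line 1: the 'signed' middleware returns 403 unless the
// query string carries a valid HMAC (keyed with APP_KEY) over the whole URL
// and an "expires" timestamp that is still in the future. Changing the user
// ID, the path, the host or any query parameter invalidates the signature.
Route::get('/unsubscribe/{user}', function (User $user) {
    $user->update(['subscribed' => false]);

    return 'You have been unsubscribed.';
})->name('unsubscribe')->middleware('signed');

// Line 2: wherever the e-mail is built. No token column, no cleanup job:
// the signature and the expiry are carried in the URL itself.
function unsubscribeLinkFor(User $user): string
{
    return URL::temporarySignedRoute('unsubscribe', now()->addDays(7), ['user' => $user->id]);
    // Permanent variant, no expiry:
    // return URL::signedRoute('unsubscribe', ['user' => $user->id]);
}

// Manual check, for when you want a custom response instead of the
// middleware's 403:
Route::get('/unsubscribe-manual/{user}', function (Request $request, User $user) {
    if (! $request->hasValidSignature()) {
        abort(410, 'This link is invalid or has expired.');
    }

    $user->update(['subscribed' => false]);

    return 'You have been unsubscribed.';
});
```

A signed URL is a bearer credential: whoever holds it can perform the action, so keep expiries short, keep the action behind it low-impact (unsubscribe, download, preview) rather than account-changing, and remember that rotating `APP_KEY` invalidates every outstanding link at once.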
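
Episode 10's type juggling, as an added example that is not from the series. It runs stand-alone and shows the loose comparisons that changed between PHP 7.4 and PHP 8, the magic-hash case that did not change, and the strict replacements. The sample values are constructed; the two MD5 inputs are the well-known `0e` collision pair.

```php
<?php
// Added example (not from the series). Sample values are constructed; the two
// MD5 inputs are the well-known "0e" pair.

$pairs = [
    ['abc', 0],        // PHP 7.4: true ('abc' is cast to int 0); PHP 8: false (0 is cast to '0')
    ['1e3', '1000'],   // true on both: two numeric strings are compared as numbers
    ['1', '01'],       // true on both, for the same reason
    [null, false],     // true on both
    ['admin', true],   // true on both: any non-empty string is truthy
];
foreach ($pairs as [$a, $b]) {
    printf("%-8s == %-8s => %s\n", var_export($a, true), var_export($b, true), var_export($a == $b, true));
}

// "Magic hashes": both digests have the form 0e<digits>, which PHP reads as
// a numeric string in scientific notation, so == compares 0 * 10^n with
// 0 * 10^m and finds them equal. PHP 8 did NOT change this, because both
// operands are still numeric strings.
$storedHash   = md5('240610708'); // 0e462097431906509019562988736854
$suppliedHash = md5('QNKCDZO');   // 0e830400451993494058024219903391

function hashMatchesVulnerable(string $stored, string $supplied): bool
{
    return $stored == $supplied;            // true for the pair above: a login bypass
}

function hashMatchesSafe(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied); // strict, and constant-time
}

var_dump(hashMatchesVulnerable($storedHash, $suppliedHash), hashMatchesSafe($storedHash, $suppliedHash));

// switch/case and in_array() use == unless told otherwise.
$role = 0; // e.g. an (int) cast on input gone wrong, or a missing column
switch ($role) {
    case 'admin': echo "matched 'admin' (PHP 7.4 behaviour)\n"; break;
    default:      echo "default (PHP 8 behaviour)\n";
}
var_dump(in_array('1e1', ['10']));       // true: loose
var_dump(in_array('1e1', ['10'], true)); // false: strict

// strcmp() was the other classic: strcmp([], 'x') returned NULL with a
// warning on PHP 7.4, and NULL == 0 passed the check. PHP 8 throws a
// TypeError instead. Declare strict_types=1 and compare with === throughout.
```

The upgrade to PHP 8 closes the string-versus-int cases but nothing else, so the rule stands regardless of version: compare credentials and tokens with `hash_equals()`, everything else with `===`, and pass `true` as the third argument to `in_array()`.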
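
For episode 11, an added example that is not from the series: the PHP randomness sources that look fine and are not, next to the two functions that replace them, applied to a reset token, a generated password and an OTP. The alphabet, token sizes and the SHA-256 storage scheme are choices made for the demo.

```php
<?php
// Added example (not from the series). Alphabet, token sizes and the
// SHA-256 storage scheme are choices made for the demo.

// Weak. rand() is an alias of mt_rand() since PHP 7.1; both are Mersenne
// Twister, seedable and predictable from a few outputs. uniqid() is a
// timestamp. str_shuffle() and array_rand() draw from the same generator.
function resetTokenWeak(): string
{
    return md5(uniqid((string) mt_rand(), true)); // time + MT output: guessable
}

function passwordWeak(int $length = 12): string
{
    return substr(str_shuffle('abcdefghijklmnopqrstuvwxyz0123456789'), 0, $length);
}

// Strong. random_bytes() and random_int() read the OS CSPRNG (getrandom,
// arc4random or the Windows CNG provider) and throw if it is unavailable
// rather than fall back to something weaker.
function resetTokenStrong(): string
{
    return bin2hex(random_bytes(32)); // 256 bits of entropy, 64 hex characters
}

function passwordStrong(int $length = 16): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)]; // unbiased: random_int rejects out-of-range draws
    }

    return $out;
}

function otpStrong(): string
{
    return str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
}

// Store tokens hashed, so a database read does not yield usable tokens, and
// compare in constant time, never with ==.
function tokenMatches(string $storedHash, string $presented): bool
{
    return hash_equals($storedHash, hash('sha256', $presented));
}

$token  = resetTokenStrong();
$stored = hash('sha256', $token);
var_dump(tokenMatches($stored, $token), tokenMatches($stored, resetTokenStrong()));

echo "weak token:    ", resetTokenWeak(), "\n";
echo "weak password: ", passwordWeak(), "\n";
echo "token:         ", $token, "\n";
echo "password:      ", passwordStrong(), "\n";
echo "otp:           ", otpStrong(), "\n";
// In Laravel, Str::random() is built on random_bytes(), so it is fine to use.
```

The mistake is rarely the generator alone; it is a weak generator combined with a predictable input (a timestamp, a user ID) and a short output. `random_bytes()` for anything that must be unguessable and `random_int()` for anything that must be uniformly distributed covers every case an application has.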
