Introducing Laravel Security in Depth

I started Laravel Security in Depth as a way to share my security knowledge with the Laravel community, and have a lot of fun doing so. My goal is to provide a community for everyone, regardless of their skill level and prior experience in security, where you can learn new things and ask questions, and learn to love security as much as I do.

It’s definitely grown over time, and I’m not just talking about subscriber numbers! First I was just sending out emails, but then I had the crazy idea to build an intentionally vulnerable demo site, so now you can execute your own SQL Injection, Cross-Site Scripting attacks, play with Enumeration attacks and IDORs. We’ve also started discussion posts, in which I explain a concept, give my recommendations, and then discuss why there isn’t a simple fix, throwing it out to the community to discuss.

Join us to learn more about Laravel security!

Paid subscribers are sent my monthly In Depth emails, weekly security tips/discussions and have access to the extra features like our intentionally vulnerable demo site. Free subscribers are sent a monthly security tip.

Your support means so much, and I know you’ll learn a lot by being a subscriber.

You can learn more about Laravel Security in Depth here, or feel free to reach out via email ([email protected]), and you can find me on Twitter as @valorin.

(This is the original announcement post – I’ve added the description above to keep it updated with the current status of LSID.)

I’d like to introduce a new project I’ve just started: Laravel Security in Depth. It’s something I’ve never tried before, or even considered as an option until recently, and I’m very excited to dive into it and see how it grows.

What is Laravel Security in Depth?

Laravel Security in Depth is a paid mailing list, powered by Substack. The idea is that each month I will send out an in depth analysis of a concept of Laravel Security. We could be looking at existing tooling and how best to use it to keep our apps secure, or exploring custom code and design patterns to write secure solutions, or anything else we’re interested in. Between the monthly emails, I’ll be sending out weekly security tips to fill in the time. Free subscribers will just receive one of these tips each month.

I’m also looking forward to subscribers suggesting topics they’d like covered, or sending through code snippets they’d like analysed (and shared with the list). This way we can look at security topics that are relevant to subscribers, and explore more topics.

Think of it like diving into a topic in one of my conference talks, only in depth. I tend to skim over a few topics to cover a lot of ground and get the concepts and mindset across to the audience. This will allow me to dive into a concept and share a lot of information in one go.

Who is it for?

I’m aiming the list at Laravel developers, although anyone involved in the Laravel development ecosystem will get something out of it. The idea is to look directly at code, and talk about code designs and Laravel features.

Developers are responsible for the security of their code, so they are the people I am trying to reach with this list.

Why now?

I finished up my last full time job a month ago, and am working with my wife on WithExtraVeg, so have much more flexibility in my time. As part of preparing for my Laracon Online talk, I realised that there is only so much I can fit into a 30-minute conference talk every few months. Starting a mailing list and sharing my knowledge can reach more people with more information. So I decided to jump in the deep end and give it a go.

Substack was appealing as it allowed me to simply sign up and have everything set up for me. So it’ll be a journey for all of us, as I explore a new tool and what it can do, while you learn more about security.

How do I sign up?

Jump on over to the Substack site, and subscribe:

I hope to see you on the list!
