Laravel Security Reviews

Are you concerned about the security of your application, or worried about potential vulnerabilities and threats that could compromise your sensitive data, but don’t have the budget for a full Security Audit and Penetration Test, or just want a quick check to ensure you haven’t missed anything obvious?

My Laravel Security Reviews are aimed at solo developers and small teams who don’t have the budget for a full security audit, or teams who already have a strong security basis and want an external set of eyes to review their code. They involve checking the basics, configuration, and common weaknesses found in Laravel apps, to find vulnerabilities and misconfigurations that can have a huge impact on your app!

Unlike a full audit, Laravel Security Reviews have a flat cost of $2,500 (USD) per Laravel app, regardless of it’s size or complexity.

To book in a Laravel Security Review, contact me at [email protected] and reference this page specifically.

Note, this isn’t a full security audit or penetration test. If you’re looking for a formal review for compliance reasons, or want a comprehensive security audit of your application, check out my Laravel Security Audits and Penetration Tests.

How It Works

To perform the Security Review I will require:

  1. Access to your code repository. Read-only access is perfect.
  2. The URL of your production site. I won’t be logging in, I just need read-only access to a page served by your app to check security headers, cookies, etc. A login form is perfect.
  3. The URL of your staging/testing site. (optional) As with the production site, I won’t be logging in and will just review public information.

I will run a set of automated and manual heuristic scans and tests on the code and some passive scans on the provided URLs. These tests and scans are based off my experience auditing Laravel apps and are designed to target the common weaknesses and low-hanging fruit that I encounter most during my audits. The majority of issues I find during audits are usually found during this phase of the audit.

I’ll use this information to produce an developer-focused report, outlining any weaknesses and vulnerabilities discovered, and providing recommendations to resolve any issues discovered.

I will not be performing any form of penetration test on your sites, and will not need login details or special access. The review is based entirely upon the code and publicly accessible information on the URLs provided.

What You Get

At the end of the review, you will receive a developer-focused report, outlining any weaknesses and vulnerabilities I discovered, alongside recommendations for resolving these issues.

I will be available via email for a limited period (2 weeks) after the review to clarify any of the findings and answer any questions you may have.



  1. This is not a replacement for a formal security audit or penetration test, and is not suitable for compliance purposes. For a more formal review, please see Laravel Security Audits and Pentesting.
  2. There is no guarantee that existing vulnerabilities will be found within your application, and these findings do not indicate an comprehensive audit of your code. For a comprehensive audit, please see Laravel Security Audits and Pentetration Tests.
  3. The security review only encompasses the Laravel application code and does not include any front-end code or infrastructure configuration.
  4. Client Confidentiality is implied as part of my business, but I am happy to sign NDAs as required.
  5. If you require an onboarding process, VPNs, or other special steps before providing access to your code, you should consider my comprehensive Laravel Security Audits. Please note, extra fees may be charged for any additional time involved in organising access to your code.