Categories: Development, LaraSec, Security

Why Parameterised Queries Are Important

This is the fourth security tip from my Laravel Security in Depth newsletter, sent out to all subscribers on October 8th. Please subscribe if you’d like these tips delivered weekly. Laravel provides an expressive fluent interface for building database queries, either as raw queries through the query builder or as part of Eloquent (Laravel’s Object-Relational Mapper, ORM). The query builder allows […]

Categories: Security

Introducing Laravel Security in Depth

I’d like to introduce a new project I’ve just started: Laravel Security in Depth. It’s something I’ve never tried before, or even considered as an option until recently, and I’m very excited to dive into it and see how it grows. What is Laravel Security in Depth? Laravel Security in Depth is a paid mailing […]

Categories: Security, Development

CSRF Is Dead, Long Live SameSite=Lax! (or is it?)

In the original version of my talk “Think Like a Hacker and Secure WordPress, live on stage”, I demonstrated a Cross-Site Request Forgery (CSRF) attack. While this attack worked perfectly during WordCamp Brisbane 2019, in-progress changes to Google Chrome (version 80) are bringing about the end of CSRF. (Well, sort of…) In light of this change, […]

Categories: Development, Security, Tutorials

Sign Git Commits With A Keybase GPG Key

A relatively unknown and underused feature of Git is the ability to cryptographically sign commits. It is an optional feature that provides a way for the author of a commit to prove ownership. It uses the author’s GPG key to leave a signature in the commit that can be checked later. If you’re a Keybase […]

Categories: Random thoughts

Hello World (again)!

Welcome to my new website. It’s been a long while since I rebuilt my last one (two jobs ago, in fact!), so I figured I should launch a new site and get back into the blogging thing. It may surprise some of you, but my site is now running on WordPress again. Yup, WordPress. There are […]