LarScanner simple foundation for building a good Laravel Security Scanner

Just the start to a new library that I hope others will help out on https://github.com/alfred-nutile-inc/larscanner There is a roadmap in the readme.md but basically how to start adding more and more features on this to protect our applications built in Laravel.

December 29, 2016 Read
Laravel Throttle Feature using IP address as Key

NOTE: 5.3, for 5.2 see ending update The Laravel Throttle feature here is a great addition to the framework. By default it uses the username and the IP for the key to count attempts. But I want to cover how to switch that to use an IP only and not the username. A good example of why is a hacker running through a list of emails and passwords just trying to break into sites where that user would use the same password as the site the got the list from.

October 16, 2016 Read
Throttle Password Reset

Laravel Throttle works on failed auth attempts but how about password resets? Here is what I made my app/Http/Controllers/Auth/PasswordController.php look like 5.3 <?php namespace App\Http\Controllers\Auth; use App\Http\Controllers\Controller; use Illuminate\Foundation\Auth\AuthenticatesUsers; use Illuminate\Foundation\Auth\ResetsPasswords; use Illuminate\Foundation\Auth\ThrottlesLogins; use Illuminate\Http\Request; use Illuminate\Support\Facades\Log; use Illuminate\Support\Facades\Validator; class PasswordController extends Controller { /* |-------------------------------------------------------------------------- | Password Reset Controller |-------------------------------------------------------------------------- | | This controller is responsible for handling password reset requests | and uses a simple trait to include this behavior.

October 16, 2016 Read
Quick Tip Forcing More Complex Passwords in Laravel

With the great Laravel Docs I will quickly show how to “encourage” the user to set a better password. Going through the standard docs for Authentication we end up with a registration form. Then in the AuthController that comes with Laravel I modify it a bit. protected function validator(array $data) { $messages = ['password.regex' => "Your password must contain 1 lower case character 1 upper case character one number"]; return Validator::make($data, [ 'name' => 'required|max:255', 'email' => 'required|email|max:255|unique:users', 'password' => 'required|confirmed|min:8|regex:/^(?

October 21, 2015 Read
Adding Expose IDS to Laravel MiddleWare

The library is https://github.com/enygma/expose “Expose is an Intrusion Detection System for PHP loosely based on the PHPIDS project (and using it’s ruleset for detecting potential threats).” After seeing it in the latest PHPArch magazine on security I wanted to give it a try. Of course this is far from a complete look. Step 1 Make the MiddleWare php artisan make:middleware ExposeMiddleware Then add Expose as noted in the docs.

September 3, 2015 Read