Stephen Rees-Carter
9,537 posts
Stephen Rees-Carter
@valorin
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️ I write securinglaravel.com and hack stuff on stage for fun. 😈 (he/him)
Brisbane, Queensland
pinkary.com/@valorin
Joined February 2009
1,283
Following
5,371
Followers
  • Pinned
    Stephen Rees-Carter
    @valorin
    Jun 4, 2024
    All my socials 👉 pinkary.com/@valorin Laravel Security: 1️⃣ Weekly Security Tips & In Depth Articles: securinglaravel.com 2️⃣ Practical Security Course: practicallaravelsecurity.com 3️⃣ Security Audits and Penetration Tests: valorinsecurity.com
  • Stephen Rees-Carter
    @valorin
    Oct 1, 2023
    Ok Laravel folks, it's time to increase your bcrypt rounds because 10 is no longer considered secure enough. securinglaravel.com/p/security-tip… #PHP #Laravel
  • Stephen Rees-Carter
    @valorin
    Mar 9, 2022
    I’ve recently started doing @laravelphp security audits & pentests, and thought it would be interesting to share the process I've developed for doing them. #Laravel #Security 🧵 (Is this a thing now?)
  • Stephen Rees-Carter
    @valorin
    Nov 1, 2022
    I'm always talking about not using IP as part of rate limiting because it can be easily changed... Today I learned (thanks to an awesome client 🥰), about this super elegant syntax for multiple rate limiters! (How did I not know about this??) laravel.com/docs/8.x/routi… #Laravel
  • Stephen Rees-Carter
    @valorin
    Dec 24, 2022
    Laravel Security In Depth -- Security Tip: Multiple Rate Limits larasec.substack.com/p/security-tip…
  • Stephen Rees-Carter
    @valorin
    Oct 4, 2023
    One of my favourite (and oh so simple) hacker tricks is to abuse JSON support in APIs and pass TRUE instead of the actual API key. If the code does loose comparison, you don't need the key! 😎 😈 🍿 securinglaravel.com/p/security-tip… #PHP #Laravel
    API Request showing api_key=true bypassing the token checks and gaining a "SUCCESS".
  • Stephen Rees-Carter
    @valorin
    Nov 10, 2022
    Introducing: Practical Laravel Security! 🥳 A new hands-on course to teach you how to secure your apps through interactive exercises, so you don't make the same mistakes I see every day in audits that leave your apps vulnerable! 👉 practicallaravelsecurity.com #Laravel #security #PHP
    Practical Laravel Security - Secure Your Laravel Apps
    From practicallaravelsecurity.com
  • Stephen Rees-Carter
    @valorin
    Jan 1, 2023
    Laravel Security In Depth -- Security Tip: Restricting Local File Access
    Security Tip: Restricting Local File Access
    From larasec.substack.com
  • Stephen Rees-Carter
    @valorin
    Jul 21, 2023
    Since we don't talk about our failures enough, I want to talk about my failure yesterday, on stage at @LaraconUS in front of 800 people... During my talk, a rude password was submitted by an audience member and accidentally selected as the "correct password". 🧵 #Laracon #LaraconUS
  • Stephen Rees-Carter
    @valorin
    Dec 22, 2017
    Replying to @abdurrakhimov
    If three senior devs can't mentor a single junior dev over a year to make the time investment worth it... something is wrong with your senior devs...
  • Stephen Rees-Carter
    @valorin
    Jul 1, 2023
    Dear @laravelphp community: can we please pick another platform to hang out on? This place is no longer usable with pointless arbitrary reading limits. #Laravel
  • Stephen Rees-Carter
    @valorin
    Apr 10, 2022
    Please don't do this. All it does is frustrate your users who want to do normal things like copy-and-paste and don't (or can't) use keyboard shortcuts.
    Omar Bawazir
    @omarmazin_
    Apr 10, 2022
    💡 JavaScript tip : Disable right Click in your WebSite #ReactJs #React #Developers #dev #FullStack #Hackers #WebDev #Hack #css #vscode #coders #coding #vueJs #Python #php #ruby
  • Stephen Rees-Carter
    @valorin
    Nov 12, 2022
    It's been 48 hours since I introduced Practical Laravel Security and the response has been overwhelming, thank you so so much! 🥰 My plan is to get all the details up on the site this week. I'll also be sending out an email soon too with more info. 👉
    Practical Laravel Security - Secure Your Laravel Apps
    From practicallaravelsecurity.com
  • Stephen Rees-Carter
    @valorin
    Jan 23, 2022
    Don't forget in #Laravel, you can escape values inline using the e() helper function. Not just using the blade {{ }}. Also, if you're unescaping output, look for other ways to achieve the same goal without unescaping. Like CSS for formatting.