Overview
With Laravel, a PHP language framework, websites and apps are built faster and easier than ever before. With all of this tooling, abstraction and speed, however, it can be easy to forget or overlook security. In this course, you will learn about some of Laravel's built-in security features; best practices for securing your application; and real-life code and examples.
The PHP framework Laravel offers many options to build strong, safe apps and websites. In the first part of this course, you will explore some of the most common ways to secure your Laravel application. You’ll learn about configuring your application securely to reduce the chance of leaking secrets and credentials, validating user input and authentication methodologies. The second half of the course focuses on user access control through gates and policies, eliminating SQL injection attacks and securing sessions with rate limits. If you stick with it through the end, you’ll get a bonus section about static analysis, tripwires and honeypots.
Syllabus
Course 1: Laravel: Configure, Validate, Authenticate and Authorize
- Offered by Infosec. To get started in this beginning course on Laravel, we will examine what prerequisites you need to get the most out of ... Enroll for free.
Course 2: Laravel Additional Security
- Offered by Infosec. This course focuses on ways to keep your Laravel database secure. It starts with supporting request and response ... Enroll for free.
Course 3: Laravel Protections
- Offered by Infosec. In this course, you'll take a look at how Laravel protects your database and ways you can configure it to protect your ... Enroll for free.
Courses
- In this course, you'll take a look at how Laravel protects your database and ways you can configure it to protect your system. The Laravel database access layer has a lot of built-in protection from common attacks. However, when you need to customize functionality, it can be easy to undo that layer and allow attacks like SQL injection. In this course, we'll discuss how Laravel protects your database and look at ways to extend functionality without compromising security. Then, we'll pivot to performance and reducing the chance of denial-of-service attacks. Finally, concentrating on a layered approach to security in your app, we'll focus on the security of properties in an Eloquent model. The course also covers three related concepts that are compared and analyzed: securing Laravel passwords and ensuring their complexity; the hashing functionality and algorithms provided by Laravel; and leveraging encryption by hand, as well as where it's automatically integrated into Laravel. Additionally, two mechanisms for tracking users between requests and storing user information are discussed: sessions and cookies. First, all of the different session configurations and drivers are discussed, and we'll review what is really necessary and what is just hype. Then, using persistent session storage and flashing session data is reviewed. That section concludes with a discussion of the usage and security of Laravel cookies. Finally, the course covers how Laravel provides functionality to rate limit incoming requests. The rationale for choosing to protect endpoints, both globally and with segmented or conditional choices, is discussed.
- To get started in this beginning course on Laravel, we will examine what prerequisites you need to get the most out of this specialization. We'll discuss the different ways to install the Laravel framework and focus on the most secure choice. We'll also talk about the security concerns of using third-party packages. The course will introduce some tips on how to audit your application after a third-party package is installed. Finally, we'll share resources to stay up to date with Laravel. Securing configuration and secrets is one of the most important parts of your Laravel app. This course will focus on using the configuration system properly, securing environment secrets and ways to force SSL for your Laravel app. In addition, log filtering and exception handling systems are constructed to reduce the chance of leaking sensitive information. Validation is necessary to secure input from both users and third parties. In this course, we'll discuss what things to validate, why to validate them and how to use Laravel's built-in rules to get the most secure validation configuration. We'll examine using form requests to validate input for controllers, as well as using inline validation for commands. Finally, custom validation is also built and dissected. Authentication is the first half of securing user access to your Laravel application. In this course, we'll cover how to authenticate users in Laravel and the reasons why. We'll discuss and examine the built-in Laravel authentication kits and explain which kit is best for which use case. Even if you have unique authentication requirements, Laravel's authentication system can be used, and we'll show how with a custom authentication provider. Authorization is the second half of securing user access to your Laravel application. In this course, we'll discuss the different built-in options Laravel has to provide authorization. Gates, a simpler solution, will be compared to the more advanced policy system. Extending the authorization system with roles and permissions using a third-party package is also demonstrated. Finally, best practices for using authorization will be presented, including making sure not to fall into some common traps.
- This course focuses on ways to keep your Laravel database secure. It starts with supporting request and response security. First, we'll discuss how Laravel supports semantic request verbs while still being compatible with browsers. Then, tools to protect against cross-site request forgery and cross-site scripting are examined. Next, best practices for applying specific security-related headers to responses are reviewed. We then move on to the two types of scanning tools that can be used on a Laravel application: developer code-scanning tools and hacker attack tools. In this course, we talk about what tools you should run to scan your code and configuration for security holes and vectors of attack. Additionally, we discuss other tools that a bad actor might use against your website, so you can learn to use them against yourself first and protect yourself proactively. This course also covers two ways of interacting with bad actors: honeypots and tripwires. Tripwires, functionality that matches a specific restricted access and then actively alerts or blocks access, are discussed and demonstrated. Honeypots, functionality attached to the app to monitor suspected bad activity and report on it later, are also reviewed. Closing out this learning path, we'll talk about what next steps to take to secure your Laravel application and stay connected with the community. You'll learn how to stay in the know, see what new security weaknesses are out there and find out whether you're affected.
Taught by
Aaron Saray