You see the headlines virtually daily: another data breach. Customer details stolen. An exposed index server or file repository containing millions of sensitive records.
The worst of it is that these are usually quite rudimentary attacks targeting very well-known vectors like malware and social engineering. Even though no system is ever 100% safe, there are several approaches you can follow to make your web application more secure.
OWASP & Laravel
The Open Web Application Security Project (OWASP) is an international non-profit organisation dedicated to creating awareness about web application security.
The OWASP Top Ten is a standard awareness guide for web application security and consists of the ten most critical security risks to web applications.
Laravel is one of my favourite PHP frameworks. I’ve used it extensively over the years for anything from small business sites to large fintech and e-commerce applications demanding security at the core.
The great thing is that Laravel takes care of many of these security concerns out of the box.
The Top 10 Security Risks
The top 10 security risks currently are:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialisation
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
I’ll run through the OWASP Top Ten in more detail and note how you can harden your Laravel web applications with some basic security best practices.
Continue reading this article where I published it first on FreeCodeCamp