Debug Android Without Wire
March 05, 2017
“No technology that's connected to the internet is unhackable.”
Abhijit Naskar,
No, the quote above is not mine, though the names are the same. But the quote is so true.
Security can be looked at in two ways: security of the server and security of the application.
Laravel is a framework, a tool for building your project; it cannot by itself secure the application you are developing.
Server security, on the other hand, depends mostly on how the server is maintained: which server software is used, how the network is set up, whether a TLS (SSL) certificate is used, and so on.
Application security depends mostly on the developer: how the database is set up, who has admin access, who has database access.
Security also depends on other aspects; for example, many developers put Cloudflare in front of their site for DDoS protection.
I ran a variety of penetration tests: the OWASP ZAP scanner, sqlsus and five or more other tools including bbqsql and similar things for DB pen tests, nmap for port scanning, then switched ZAP to attack mode to perform various XSS and CSRF attacks, and found no vulnerabilities from Laravel itself, just a couple of things from my server itself, which I patched up.
It's important to say that no application is 100% secure, as it depends a lot on how you do things.
However, Laravel does a pretty good job out of the box. It has good protection against some of the most common web vulnerabilities: XSS (Blade's `{{ }}` syntax HTML-escapes everything it outputs), SQL injection (Eloquent and the query builder pass values as bound parameters rather than splicing them into the SQL), and CSRF (the VerifyCsrfToken middleware rejects state-changing requests that do not carry the session's token). DDoS is not something a framework can protect you from; that belongs to the server and network layer mentioned above.
This is a pretty short overview of Laravel security. Once you start opening yourself up with file uploads etc., it can be a little bit trickier. In short, I've found Laravel to be secure from all the attacks I've ever run by using Eloquent and sanitising input where required, along with the correct use of Blade syntax and the CSRF token.
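What those protections (and the file-upload caveat) look like in practice, as an added example that is not code from the original post: a Laravel 5.5-or-later route file and a Blade view. The route paths, the `search` view name and the `User` model are assumed for illustration, and the `/search-vulnerable` route is included only to show the contrast with the safe versions.

```php
<?php
// Added example, not from the original post. Assumes a stock Laravel 5.5+
// application with a `users` table and the default App\User Eloquent model;
// the routes and the `search` view are invented for illustration.

// ---- routes/web.php -------------------------------------------------------
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use App\User;

// SQL injection, the vulnerable way: user input is interpolated straight into
// the SQL string. A request with ?q=%27%20OR%201=1%20--%20 turns the WHERE
// clause into "name like '%' OR 1=1 -- %'" and returns every row.
Route::get('/search-vulnerable', function (Request $request) {
    $q = $request->input('q', '');
    return DB::select("select * from users where name like '%{$q}%'");
});

// The safe way: Eloquent / the query builder send the value as a bound
// parameter, so the database driver never parses it as SQL.
Route::get('/search', function (Request $request) {
    $q = $request->input('q', '');
    $users = User::where('name', 'like', '%' . $q . '%')->get();
    return view('search', ['q' => $q, 'users' => $users]);
});

// Raw fragments are the exception: DB::raw() and whereRaw() bypass binding for
// the string you give them, so user input must go through the bindings array.
Route::get('/search-raw', function (Request $request) {
    $q = $request->input('q', '');
    return User::whereRaw('name like ?', ['%' . $q . '%'])->get();
});

// File upload: validate MIME type (sniffed from content, not the extension)
// and size before touching the file. store() writes it under storage/app with
// a generated random name, so the client cannot pick a path or an executable
// extension. VerifyCsrfToken (in the "web" middleware group) rejects this POST
// with a TokenMismatchException (HTTP 419) unless the form sends the token.
Route::post('/avatar', function (Request $request) {
    $request->validate([
        'avatar' => 'required|file|mimes:jpeg,png|max:2048', // max is in KB
    ]);
    $path = $request->file('avatar')->store('avatars');
    return back()->with('status', 'Stored as ' . $path);
});
?>

{{-- ---- resources/views/search.blade.php ----------------------------------- --}}
{{-- csrf_field() emits the hidden _token input the middleware checks. --}}
<form method="POST" action="/avatar" enctype="multipart/form-data">
    {{ csrf_field() }}
    <input type="file" name="avatar">
    <button type="submit">Upload</button>
</form>

{{-- XSS: the double-curly syntax runs the value through htmlspecialchars(),
     so a query of <script>alert(1)</script> is shown as literal text.
     The {!! !!} syntax outputs the raw value and is only safe for markup
     the application generated itself, never for request or database data
     that originated from a user. --}}
<p>Results for "{{ $q }}"</p>
<ul>
@foreach ($users as $user)
    <li>{{ $user->name }}</li>
@endforeach
</ul>
```

Two things to check in your own app: that no route handling POST/PUT/DELETE has been added to the `$except` array in `app/Http/Middleware/VerifyCsrfToken.php` without a reason, and that every `{!! !!}` in your views is grepped for and justified, since that is the one place Blade's escaping is switched off.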
Tags : Laravel, Laravel Security, Security, Hacking, PHP
Keywords : Laravel, XSS, DDoS