Stephen Rees-Carter is a security consultant, ethical hacker, and international speaker specializing in Laravel and PHP security. With 20+ years of PHP experience, he helps developers write secure code and protect applications through practical, real-world security knowledge.
9 articles from this blog
Explains how Unicode transliteration can bypass security measures like rate limiting in Laravel apps and how to fix it.
Explains why and how to block compromised passwords in Laravel using the Pwned Passwords service, with advice on user communication.
A Laravel security tip on using Git's selective staging (git add -p) to review code before committing, preventing secrets or debug code from being pushed.
A Laravel security tip emphasizing the critical importance of validating all user input to prevent unexpected behavior and security vulnerabilities.
Explains the importance of parameterised queries in Laravel to prevent SQL injection attacks, making database interactions secure.
A Laravel security tip explaining how to use a custom encryption key for encrypted model attributes instead of the default app key.
Explains the subtle but critical security difference between SMS-based Two Factor Authentication (2FA) and insecure SMS-based account recovery.
A developer shares the story of debugging a tricky PHP unit test failure caused by a single missing character (an equals sign).
A critical look at the privacy risks of modern online rental application systems and the proliferation of personal data across third-party platforms.
