Stephen Rees-Carter
Friendly Hacker | Speaker | PHP & Laravel Security Specialist 🕵️ I spend my time doing security audits of Laravel apps and writing at https://t.co/aAATy2Ho9m
Jul 21, 2023 15 tweets 3 min read
Since we don't talk about our failures enough, I want to talk about my failure yesterday, on stage at @LaraconUS in front of 800 people...
During my talk, a rude password was submitted by an audience member and accidentally selected as the "correct password". 🧵
#Laracon #LaraconUS
First up, I want to make it incredibly clear that this was not the image of myself or my talk I wanted to portray. I apologise to anyone who found it in poor taste or offensive. Although it was submitted by an audience member, it was my talk and responsibility, and I stuffed up.
Mar 9, 2022 17 tweets 5 min read
I’ve recently started doing @laravelphp security audits & pentests, and thought it would be interesting to share the process I've developed for doing them.

#Laravel #Security 🧵 (Is this a thing now?)
The first thing I do when starting an audit is to run a couple of passive scans/checks on the public page of the app, and open view source (😱hacker!). These help give an idea of the security awareness level of the dev team, and what to expect in the code.