Laravel Validation Rule Injection

A deep dive into Laravel Validation Rule Injection vulnerabilities and how they can lead to DDoS attacks and/or SQL injections.
October 12, 2020

Taking Over Laravel Nova Admin Panel via an XSS Attack

While doing a security test for a client, we noticed that the Laravel Nova Textarea field is not encoding HTML, which can lead to an account takeover in this case.
September 11, 2020

XSS Attack Vectors in Laravel Blade

XSS attacks have been reported and exploited since the 1990s, but we still sometimes see cases where developers underestimate how dangerous the attack can be because it is executed in the browser, not on the server. In this article, we will cover the different XSS attack vectors that we found are most common in Laravel applications.
August 27, 2020

SQL Injections In Laravel

But developers usually make the mistake of assuming Laravel protects against all SQL injections, while there are some attack vectors that Laravel can’t protect against. Here are the most common causes of SQL injections that we saw in modern Laravel applications during our security checks.
July 14, 2020

Mass Assignment Vulnerabilities in Laravel Applications

Eloquent, like many other ORMs, has a nice feature that allows assigning properties to an object without having to assign each value individually. This saves a lot of time and lines of code but can lead to a vulnerability if used incorrectly.
June 10, 2020

