Blog

Latest insights on Laravel security, best practices, and security monitoring.

Securing Laravel Queues and Background Jobs
Security 11 min read

Securing Laravel Queues and Background Jobs

Your queue runs code with no user watching, often with elevated access, on payloads sitting in plaintext. Here is how to encrypt sensitive jobs, lock down the backend, validate user input inside handle(), and keep failed_jobs from leaking your secrets.

Matt King
Matt King
July 14, 2026
Read More
SSRF in Laravel: The Risk Hiding in Http::get()
Security 11 min read

SSRF in Laravel: The Risk Hiding in Http::get()

A single user-supplied URL passed into Laravel's HTTP client can let an attacker read your cloud metadata and steal IAM credentials. Here is how SSRF works and how to build a URL validator that actually blocks it.

Matt King
Matt King
June 25, 2026
Read More
Securing Your Laravel CI/CD Pipeline: A Practical DevSecOps Guide
Security 14 min read

Securing Your Laravel CI/CD Pipeline: A Practical DevSecOps Guide

With 70% of teams releasing continuously, your CI/CD pipeline is a high-value target. This guide covers securing GitHub Actions and GitLab CI for Laravel projects: secrets management, composer audit integration, SAST scanning, container security, deployment hardening, and artifact signing with practical YAML configs.

Matt King
Matt King
June 16, 2026
Read More
CVE-2026-23524: Laravel Reverb RCE via Insecure Deserialization (CVSS 9.8)
Security 10 min read

CVE-2026-23524: Laravel Reverb RCE via Insecure Deserialization (CVSS 9.8)

Laravel Reverb versions 1.6.3 and below have a critical insecure deserialization vulnerability. When horizontal scaling is enabled, Reverb passes Redis channel data directly into unserialize() without class restrictions. If your Redis is unauthenticated, attackers can achieve full remote code execution. Here is how to check and fix it.

Matt King
Matt King
May 19, 2026
Read More
What Is External Attack Surface Management (EASM)?
Security 10 min read

What Is External Attack Surface Management (EASM)?

External Attack Surface Management continuously discovers and monitors your internet-facing assets for security risks. Learn how EASM differs from DAST, SAST, and pentesting, and why every team shipping web apps needs it.

Matt King
Matt King
March 11, 2026
Read More

Stay Updated on Laravel Security

Get actionable security tips, vulnerability alerts, and best practices for Laravel apps.