StackShield

Security Documentation

Learn how to identify and fix security vulnerabilities in your Laravel applications

↑↓ to navigate Enter to select Esc to close
Browse documentation

Welcome to StackShield Documentation

This comprehensive documentation library provides step-by-step guides for identifying and fixing security vulnerabilities in Laravel applications. Each guide includes detailed explanations, code examples, and best practices to help you secure your application.

How to use this documentation

  • Browse security issues by category below or use the search bar to find specific topics
  • Each guide shows the security risk, impact, and complete fix instructions
  • Copy code examples directly to your project with one click
  • Follow verification steps to confirm the vulnerability is fixed

Want automated security monitoring? StackShield continuously scans your Laravel application for these vulnerabilities and alerts you in real-time when issues are detected.

Product Guides

Getting Started

Learn what StackShield does and how to get up and running in minutes.

Security Checks

Create and manage domain checks with customizable security tests.

Scans & Results

Run scans, understand results, and review individual test findings.

Issues & Tracking

Track, resolve, and export security issues across your domains.

Notifications

Configure email, Slack, Teams, and webhook alerts for your team.

Scheduling

Set up automated recurring scans on hourly, daily, weekly, or monthly schedules.

Teams & Settings

Manage team members, roles, and account settings.

Billing & Plans

Understand plans, features, usage limits, and manage your subscription.

CI/CD Integration

Trigger scans from GitHub Actions, GitLab CI, and any CI/CD pipeline.

Application Security

View all →

Laravel Ignition Exposure

Easy

Checks if Laravel Ignition error page is exposed in production.

5 minutes

Laravel Telescope Exposure

Easy

Checks if Laravel Telescope debugging tool is exposed in production.

10 minutes

Laravel Debug Mode

Easy

Checks if Laravel debug mode is enabled in production.

5 minutes

CSRF Protection

Easy

Verifies CSRF token implementation on forms and APIs.

10 minutes

File Upload Security

Medium

Tests file upload endpoints for security vulnerabilities.

30 minutes

Session Configuration

Easy

Validates session security settings and configuration.

10 minutes

Nikto Web Server Scan

Medium

Scans web servers for dangerous files, outdated software, and misconfigurations using Nikto. Requires domain verification.

30 minutes

SQL Injection Scan

Hard

Automated SQL injection detection and testing using SQLMap. Requires domain verification.

1-2 hours

Technology Fingerprinting

Easy

Identifies web technologies, frameworks, and their versions for vulnerability assessment using WhatWeb.

15-20 minutes

WordPress Security Scan

Medium

Scans WordPress sites for vulnerable plugins, themes, and core version issues using WPScan.

30-60 minutes

Web Application Vulnerability Scan

Hard

Scans web applications for XSS, XXE, SSRF, and other OWASP vulnerabilities using Wapiti. Requires domain verification.

1-3 hours

Infrastructure Security

View all →

Security Headers

Easy

Detects missing headers (CSP, HSTS, X-Frame-Options).

10 minutes

SSL/TLS Security

Medium

Checks SSL expiration, weak ciphers, and HSTS.

45 minutes

Cloud Storage Exposure

Medium

Detects public AWS S3, GCP, and DigitalOcean buckets.

20 minutes

Nmap Port Scanning

Hard

Comprehensive network and port scanning with service version detection using Nmap.

1 hour

IP Reputation

Medium

Checks if the domain IP is listed in abuse databases.

30 minutes

DNS Security

Medium

Checks DNS configuration and security settings.

30 minutes

WAF Detection

Easy

Detects the presence and type of Web Application Firewall protecting the target using wafw00f.

15-30 minutes

Authentication & Authorization

View all →

Brute Force Protection

Easy

Tests if login page blocks repeated failed login attempts.

15 minutes

JWT Token Security

Medium

Detects weak JWT tokens (HS256, missing exp).

30 minutes

CORS Misconfiguration

Medium

Identifies insecure CORS headers (Access-Control-Allow-Origin: *).

20 minutes

API Rate Limiting

Easy

Checks if API endpoints implement proper rate limiting.

15 minutes

File & Directory Security

View all →

Exposed .env Files

Easy

Checks if .env files are publicly accessible.

5 minutes

Directory & File Exposure

Easy

Scans for publicly accessible sensitive files (logs, .git).

5 minutes

Sensitive Laravel Files

Easy

Checks for exposed sensitive Laravel files (.git, logs, config).

10 minutes

Directory Bruteforce Scan

Medium

Discovers hidden directories and files using dictionary-based brute forcing with Gobuster. Requires domain verification.

20-30 minutes

Email & Domain Security

View all →

Subdomain Takeover

Medium

Detects unclaimed subdomains pointing to external services.

30 minutes

Email Security

Medium

Checks email configuration for security best practices.

45 minutes

DNS Reconnaissance

Medium

Comprehensive DNS enumeration and zone transfer testing using DNSRecon.

30-45 minutes

Subdomain Discovery

Medium

DNS reconnaissance and subdomain discovery using Fierce.

30 minutes

Ready to secure your Laravel app?

StackShield automatically detects these security issues in your application and alerts you in real-time.

Start Free Trial Learn More