StackShield
Security Concepts

What Is Attack Vector?

A specific method or path an attacker uses to exploit a vulnerability and gain unauthorized access to a system. While the attack surface is the total collection of entry points, an attack vector is the specific technique used against one of those entry points.

In Laravel Applications

Common attack vectors against Laravel applications include SQL injection through unparameterized queries, XSS through unescaped Blade output ({!! !!}), CSRF attacks on forms missing @csrf, and brute-force attacks against login endpoints without rate limiting.

Example

A brute-force password attack against /login is an attack vector. The /login endpoint itself is part of the attack surface.

Related Terms

Attack Surface

The total set of points where an attacker can try to enter or extract data from a system. This includes every API endpoint, open port, login form, file upload, third-party integration, and piece of infrastructure reachable from the outside.

Vulnerability

A weakness in a system that can be exploited by an attacker to perform unauthorized actions. Vulnerabilities can exist in code, configuration, infrastructure, or processes. They range in severity from informational to critical.

Exploit

A piece of code, technique, or sequence of actions that takes advantage of a vulnerability to produce unintended behavior. Exploits turn theoretical vulnerabilities into actual security breaches.

Related Articles

The Intercom PHP Hack: How a Composer Plugin Stole Credentials From Thousands of Developers

On April 30, 2026, attackers compromised intercom/intercom-php on Packagist (20.7 million lifetime installs). The malicious version auto-executed as a Composer plugin, downloading Bun and exfiltrating GitHub tokens, SSH keys, and environment variables. Here is what happened and how to protect yourself.

PHP Security Audit: A Developer's Guide Beyond Laravel

A comprehensive PHP security audit guide covering dependency scanning, php.ini hardening, input validation, common vulnerability classes, static analysis tools, and web server configuration.

Laravel Session Security: Cookies, Hijacking & config/session.php

A deep dive into Laravel session security. Learn how cookie flags, session drivers, and config/session.php settings protect against hijacking, fixation, and sidejacking attacks.

Monitor Your Laravel Application's Security

StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.

Start Free Trial