Security Concepts

What Is Attack Vector?

In Laravel Applications

Common attack vectors against Laravel applications include SQL injection through unparameterized queries, XSS through unescaped Blade output ({!! !!}), CSRF attacks on forms missing @csrf, and brute-force attacks against login endpoints without rate limiting.

Example

A brute-force password attack against /login is an attack vector. The /login endpoint itself is part of the attack surface.

Related Terms

Attack Surface

The total set of points where an attacker can try to enter or extract data from a system. This includes every API endpoint, open port, login form, file upload, third-party integration, and piece of infrastructure reachable from the outside.

Vulnerability

A weakness in a system that can be exploited by an attacker to perform unauthorized actions. Vulnerabilities can exist in code, configuration, infrastructure, or processes. They range in severity from informational to critical.

Exploit

A piece of code, technique, or sequence of actions that takes advantage of a vulnerability to produce unintended behavior. Exploits turn theoretical vulnerabilities into actual security breaches.

Related Articles

PHP Supply Chain Attacks: How Malicious Packages Sneak Into composer.json

Typosquatting, dependency confusion, and hijacked maintainer accounts. A breakdown of how PHP supply chain attacks work, real incidents, and what you can do to protect your Composer dependencies.

Subdomain Takeover: How Dangling DNS Records Put Your Laravel App at Risk

Dangling DNS records are one of the most overlooked attack vectors in Laravel deployments. Learn how subdomain takeover works, why deprovisioned cloud resources create exploitable gaps, and how to protect your application.

NIST SP 800-81r3 DNS Security: 6 Changes That Affect Your Infrastructure in 2026

The first NIST DNS security update since 2013. New guidance on Protective DNS, encrypted DNS (DoH/DoT), DNSSEC, and dangling record cleanup. Here are the 6 key changes and what to do.