What Is Phishing?
Phishing is a social engineering attack in which an attacker impersonates a trusted entity to trick victims into revealing sensitive information (credentials, financial data) or performing harmful actions (clicking malicious links, downloading malware). It typically occurs via email, but also through SMS, phone calls, and fake websites.
In Laravel Applications
Protect your Laravel application's users from phishing by implementing SPF/DKIM/DMARC (which prevents email spoofing of your domain), preventing subdomain takeovers (a taken-over subdomain can host fake login pages), and using HTTPS everywhere.
Example
An attacker takes over an abandoned subdomain (staging.yourapp.com) and creates a fake login page. They then send emails that appear to come from your domain (possible without DMARC), directing users to the fake page.
Related Terms
SPF, DKIM, and DMARC
Three complementary email authentication standards that prevent email spoofing. SPF (Sender Policy Framework) specifies which servers can send email for your domain. DKIM (DomainKeys Identified Mail) adds a cryptographic signature to verify emails were not tampered with. DMARC (Domain-based Message Authentication, Reporting & Conformance) tells receiving servers how to handle emails that fail SPF/DKIM checks.
Subdomain Takeover
A vulnerability where a DNS record (usually a CNAME) points to an external service that is no longer controlled by the domain owner. An attacker can claim the abandoned service and serve their own content on the subdomain, which appears to be part of the legitimate domain.
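The SPF, DMARC and dangling-CNAME gaps described above can be checked against an exported list of a zone's DNS records. The following Python is an added example, not code from this page or from Laravel; the sample records, the hosting.example and mailer.example names, and the audit_zone helper are constructed for illustration, and the set of CNAME targets that still resolve is assumed to be gathered separately.

```python
# Added example: audit DNS records (constructed sample data, not real DNS).

def parse_tags(txt):
    """Split a DMARC record such as 'v=DMARC1; p=none' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def audit_zone(domain, records, resolvable_targets):
    """Return sorted (record name, finding) tuples for a list of
    (name, type, value) records. resolvable_targets is the set of CNAME
    targets the caller has confirmed still resolve (assumption)."""
    findings = []
    txt = [(n.lower(), v) for n, t, v in records if t == "TXT"]

    dmarc = [v for n, v in txt
             if n == f"_dmarc.{domain}" and v.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.append((f"_dmarc.{domain}", "no DMARC record"))
    elif parse_tags(dmarc[0]).get("p", "none") == "none":
        findings.append((f"_dmarc.{domain}", "DMARC p=none: failures are not rejected"))

    # Records that rely on redirect= instead of an "all" term need manual review.
    spf = [v for n, v in txt if n == domain and v.lower().startswith("v=spf1")]
    if not spf:
        findings.append((domain, "no SPF record"))
    elif spf[0].lower().split()[-1] not in ("-all", "~all"):
        findings.append((domain, "SPF does not end in -all or ~all"))

    for name, rtype, value in records:
        target = value.rstrip(".").lower()
        external = target != domain and not target.endswith("." + domain)
        if rtype == "CNAME" and external and target not in resolvable_targets:
            findings.append((name.lower(), f"dangling CNAME to {target}"))
    return sorted(findings)

SAMPLE = [  # constructed records for the hypothetical zone yourapp.com
    ("yourapp.com", "TXT", "v=spf1 include:_spf.mailer.example ?all"),
    ("_dmarc.yourapp.com", "TXT", "v=DMARC1; p=none; rua=mailto:dmarc@yourapp.com"),
    ("staging.yourapp.com", "CNAME", "old-staging.hosting.example."),
    ("www.yourapp.com", "CNAME", "app.hosting.example."),
]

if __name__ == "__main__":
    for name, finding in audit_zone("yourapp.com", SAMPLE, {"app.hosting.example"}):
        print(f"{name}: {finding}")
```

A CNAME whose target still resolves can also be at risk if the resource behind it has been released at the provider, so an empty result here does not rule out a takeover.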