What Is Subdomain Takeover?
A vulnerability where a DNS record (usually a CNAME) points to an external service that is no longer controlled by the domain owner. An attacker can claim the abandoned service and serve their own content on the subdomain, which appears to be part of the legitimate domain.
In Laravel Applications
Subdomain takeovers happen when you decommission a service (Heroku, GitHub Pages, S3) but forget to remove the DNS record. Regular DNS audits and continuous monitoring catch stale records before attackers exploit them.
Example
Your staging.yourapp.com CNAME points to a Heroku app you deleted. An attacker creates a new Heroku app on that hostname and now controls staging.yourapp.com, which they use for phishing.
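An added example (not from the original page or from StackShield) of the kind of DNS audit described above: it reads a BIND-style export of your own zone, picks out CNAME records that point at third-party hosting, and flags targets that no longer resolve. The suffix list, the function names and the sample zone are assumptions constructed for illustration.

```python
import socket

# Assumed suffixes for the services the page names (Heroku, GitHub Pages, S3).
# Extend the tuple with the providers your own DNS actually points at.
THIRD_PARTY_SUFFIXES = (".herokuapp.com", ".herokudns.com", ".github.io",
                        ".s3.amazonaws.com")

# Constructed sample zone export; names and targets are illustrative only.
SAMPLE_ZONE = """\
staging.yourapp.com.  3600 IN CNAME old-staging-app.herokuapp.com.
docs.yourapp.com.     3600 IN CNAME yourapp.github.io.
www.yourapp.com.      3600 IN CNAME lb.yourapp.com.
; assets.yourapp.com. 3600 IN CNAME retired-bucket.s3.amazonaws.com.
"""

def parse_cnames(zone_text):
    """Yield (name, target) per CNAME line; assumes one full record per line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "CNAME" in fields[1:-1]:
            i = fields.index("CNAME", 1)
            yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def resolves(host):
    """True if the host currently resolves to any address (live DNS lookup)."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except socket.gaierror:
        return False

def audit(zone_text, resolver=resolves):
    """Return (name, target, status) for every CNAME to third-party hosting."""
    findings = []
    for name, target in parse_cnames(zone_text):
        if not target.endswith(THIRD_PARTY_SUFFIXES):
            continue  # not one of the listed providers
        # "dangling": target is gone from DNS, remove the record now.
        # "review": target resolves; confirm the resource is still yours.
        status = "review" if resolver(target) else "dangling"
        findings.append((name, target, status))
    return findings

if __name__ == "__main__":
    for name, target, status in audit(SAMPLE_ZONE):
        print(f"{status:8} {name} -> {target}")
```

A "review" result is not a pass: a provider can answer DNS for hostnames under its suffix whether or not the resource behind them still exists, so confirm in the provider account that the app, site or bucket is still there and still yours.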
Related Terms
DNS Security
The practice of protecting Domain Name System infrastructure from attacks and misconfigurations. DNS security includes preventing cache poisoning, unauthorized zone transfers, subdomain takeovers, and ensuring proper email authentication (SPF, DKIM, DMARC).
Attack Surface
The total set of points where an attacker can try to enter or extract data from a system. This includes every API endpoint, open port, login form, file upload, third-party integration, and piece of infrastructure reachable from the outside.
Phishing
A social engineering attack where an attacker impersonates a trusted entity to trick victims into revealing sensitive information (credentials, financial data) or performing harmful actions (clicking malicious links, downloading malware). Phishing typically occurs via email but also through SMS, phone calls, and fake websites.
Related Articles
How to Security Audit a Laravel Application: A Practical Guide
A step-by-step guide to auditing the security of a Laravel application. Covers dependency scanning, configuration review, external scanning, code review patterns, and how to prioritize findings.
Subdomain Takeover: How Dangling DNS Records Put Your Laravel App at Risk
Dangling DNS records are one of the most overlooked attack vectors in Laravel deployments. Learn how subdomain takeover works, why deprovisioned cloud resources create exploitable gaps, and how to protect your application.
Laravel CORS Misconfiguration: How Wildcard Origins Let Any Site Call Your API
Your Laravel CORS config might be letting any website make authenticated API calls as your users. We break down the 3 most dangerous cors.php misconfigurations, show how attackers exploit them, and give you the exact fix for each one.
Related Fix Guides
How to Fix Weak SSL/TLS Configuration in Laravel
Your SSL/TLS certificate is expired, misconfigured, or using weak protocols. Learn how to fix SSL issues for your Laravel app.
How to Fix an Exposed .git Directory
Your .git directory is publicly accessible, allowing attackers to download your entire source code and commit history. Fix it now.
How to Fix Subdomain Takeover Vulnerabilities
Dangling DNS records pointing to decommissioned services allow attackers to take over your subdomains. Learn how to find and fix them.