This course focuses on ways to keep your Laravel database secure. It starts with supporting request and response security. First, we’ll discuss how Laravel supports semantic request verbs while still being compatible with browsers. Then, tools to protect against cross-site request forgery and cross-site scripting protection are examined. Then it describes the best practices for applying specific security-related headers to responses are reviewed.

We then move on to the two types of scanning tools that can be used on a Laravel application: developer code-scanning tools and hacker attack tools. In this course, we talk about what tools you should run to scan your code and configuration for security holes and vectors of attack. Additionally, we discuss other tools that a bad actor might use against your website, so you can learn to use them against yourself first and protect yourself proactively. This course also covers two ways of interacting with bad actors: honeypots and tripwires. Tripwires, functionality that matches a specific restricted access and then actively alerts or blocks access, are discussed and demonstrated. Honeypots, functionality attached to the app to monitor suspected bad activity and report on it later, are also reviewed. Closing out this learning path, we’ll talk about what next steps to take to secure your Laravel application and stay connected with the community. You’ll learn how to stay in the know and see what new security weaknesses are out there and whether you’re affected. e.g. This is primarily aimed at first- and second-year undergraduates interested in engineering or science, along with high school students and professionals with an interest in programming.

In this course, you'll take a look at how Laravel protects your database and ways you can configure it to protect your system. The Laravel database access layer has a lot of built-in protection from common attacks. However, when you need to customize functionality it can be easy to undo that layer and allow for attacks like SQL injection. In this course, we’ll discuss how Laravel protects your database and look at ways to extend functionality without compromising security. Then, we’ll pivot to performance and reducing the chance of denial of service attacks. Finally, concentrating on a layered approach of security in your app, we’ll focus on the security of properties in an Eloquent model.

The course also covers three related concepts that are compared and analyzed. Securing Laravel passwords and ensuring their complexity is explained. Hashing functionality and algorithms provided by Laravel are also reviewed. Leveraging encryption by hand, as well as where it’s automatically integrated into Laravel, is also discussed. Additionally, the course will discuss two mechanisms for tracking users between requests and storing user information are discussed in this course: sessions and cookies. First, all of the different session configurations and drivers are discussed. We’ll review what is really necessary and what is just hype. Then, using the persistent session storage and flashing session data is reviewed. The course complete with a discussion of the usage and security of Laravel cookies. And finally, the course will cover how Laravel provides functionality to rate limit incoming requests. Rationale for choosing to protect end points, both globally and with segmented or conditional choices, is discussed.