Laravel Security: Top 7 Mistakes Developers Make

I often see the question: "Is Laravel secure?", and in this video, let's take a look at what the framework offers, and how developers use or misuse the security features.

00:00 Intro
00:37 Blade XSS Attack
02:34 Protect Your .env File
04:34 Don't Use $request-all()
05:53 File Upload: Client Data
06:38 APP_DEBUG=true in Production
08:17 CSRF and Route::get()
09:54 Rate Limiting

Links mentioned in the video:
- Blade: Displaying Unescaped Data https://laravel.com/docs/8.x/blade#di...
- How to use Laravel .env and .env.example files? https://blog.quickadminpanel.com/how-...
- Danger of Using $request-all(), and How to Protect    • Danger of Using $request-all(), and H...  
- Uploaded File Information: https://laravel.com/docs/8.x/filesyst...
- Configuration: Debug Mode https://laravel.com/docs/8.x/configur...
- Laravel .env.example: APP_XXX Values Explained    • Laravel .env.example: APP_XXX Values ...  
- CSRF Protection: https://laravel.com/docs/8.x/csrf
- Routing: Rate Limiting https://laravel.com/docs/8.x/routing#...

- - - - -
Support the channel by checking out our products:
- Enroll in my Laravel courses: https://laraveldaily.teachable.com?utm_source=youtube&utm_campaign=top-security-mistakes
- Try our Laravel QuickAdminPanel: https://bit.ly/quickadminpanel
- Buy my ready-made Laravel scripts: https://laraveldaily.gumroad.com
- Purchase my Livewire Kit: https://livewirekit.com
- Subscribe to my weekly newsletter: http://bit.ly/laravel-newsletter