laravel-security

Solid

Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.

Category: AI & Automation · 201,447 stars · 30,903 forks · Updated yesterday · License: MIT


Quality Score: 96/100

Criterion       Weight   Score
Stars            20%      100
Recency          20%      100
Frontmatter      20%       70
Documentation    15%      100
Issue Health     10%       50
License          10%      100
Description       5%      100

Skill Content

# Laravel Security Best Practices

Comprehensive security guidance for Laravel applications to protect against common vulnerabilities.

## When to Activate

- Adding authentication or authorization
- Handling user input and file uploads
- Building new API endpoints
- Managing secrets and environment settings
- Hardening production deployments

## How It Works

- Middleware provides baseline protections (CSRF via `VerifyCsrfToken`, security headers via `SecurityHeaders`).
- Guards and policies enforce access control (`auth:sanctum`, `$this->authorize`, policy middleware).
- Form Requests validate and shape input (`UploadInvoiceRequest`) before it reaches services.
- Rate limiting adds abuse protection (`RateLimiter::for('login')`) alongside auth controls.
- Data safety comes from encrypted casts, mass-assignment guards, and signed routes (`URL::temporarySignedRoute` + `signed` middleware).

## Core Security Settings

- `APP_DEBUG=false` in production (debug pages leak environment variables, stack traces and database credentials)
- `APP_KEY` must be set and rotated on compromise; rotation invalidates existing sessions and anything stored with `encrypted` casts unless the old key is kept in `APP_PREVIOUS_KEYS` (Laravel 11+)
- Set `SESSION_SECURE_COOKIE=true` and `SESSION_SAME_SITE=lax` (or `strict` for sensitive apps)
- Configure trusted proxies (`TrustProxies`) so that requests behind a load balancer are detected as HTTPS; otherwise secure-cookie handling and generated URLs see plain HTTP

## Session and Cookie Hardening

- Set `SESSION_HTTP_ONLY=true` to prevent JavaScript access to the session cookie
- Use `SESSION_SAME_SITE=strict` for high-risk flows
- Regenerate sessions on login and privilege changes (`$request->session()->regenerate()`) to defeat session fixation

## Authentication and Tokens

- Use Laravel Sanctum or Passport for API auth
- Prefer short-lived tokens with refresh flows for sensi...
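The "How It Works" list above names the pieces without showing how they fit together. The following is an added example written for this listing; it is not code from the skill or from Laravel itself. It wires a named rate limiter, a Form Request with a policy check and content-sniffed file validation, a controller that stores the upload under a server-generated name and hands back a short-lived signed URL, and a download action gated by both the `signed` middleware and a policy. The `Account` and `Invoice` models, the `InvoicePolicy` abilities `uploadInvoice` and `view`, the `invoices.download` route name and the private `local` disk are assumptions for the example.

```php
<?php
// Added example for this listing, not code from the skill or from Laravel itself.
// Several files appear in one block, separated by "// file:" comments. Assumed:
// an Account model with an invoices() relation, an Invoice model with
// reference/path columns, an InvoicePolicy with view/uploadInvoice abilities,
// and a private 'local' filesystem disk.

// file: app/Providers/AppServiceProvider.php
namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Two keys: per account+IP stops one source brute-forcing one account;
        // per IP caps credential stuffing across many accounts from one source.
        RateLimiter::for('login', function (Request $request) {
            $email = strtolower((string) $request->input('email'));
            return [
                Limit::perMinute(5)->by($email.'|'.$request->ip()),
                Limit::perMinute(30)->by($request->ip()),
            ];
        });
    }
}

// file: app/Http/Requests/UploadInvoiceRequest.php
namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rules\File;

class UploadInvoiceRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Policy check runs before validation; a denial is a 403, not a 422.
        return $this->user()->can('uploadInvoice', $this->route('account'));
    }

    public function rules(): array
    {
        return [
            // File::types sniffs the content type; max() is in kilobytes.
            'invoice'   => ['required', File::types(['pdf'])->max(5 * 1024)],
            'reference' => ['required', 'string', 'max:64', 'regex:/^[A-Za-z0-9-]+$/'],
        ];
    }
}

// file: app/Http/Controllers/InvoiceController.php
namespace App\Http\Controllers;

use App\Http\Requests\UploadInvoiceRequest;
use App\Models\Account;
use App\Models\Invoice;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Support\Facades\Storage;
use Illuminate\Support\Facades\URL;
use Illuminate\Support\Str;

class InvoiceController extends Controller
{
    use AuthorizesRequests;

    public function store(UploadInvoiceRequest $request, Account $account)
    {
        // validated() returns only the keys named in rules(), so unexpected
        // request fields never reach create() (defence in depth with $fillable).
        $data = $request->validated();
        // Server-generated name on a private disk: the client filename is never
        // used and the file never lands under the public web root.
        $path = $request->file('invoice')->storeAs(
            "invoices/{$account->id}", Str::uuid().'.pdf', 'local'
        );
        $invoice = $account->invoices()->create([
            'reference' => $data['reference'],
            'path'      => $path,
        ]);
        // Time-limited signed link; the 'signed' route middleware rejects
        // expired or tampered URLs before this controller is reached.
        $url = URL::temporarySignedRoute(
            'invoices.download', now()->addMinutes(10), ['invoice' => $invoice->id]
        );
        return response()->json(['download_url' => $url], 201);
    }

    public function download(Invoice $invoice)
    {
        // A valid signature proves the link is genuine; the policy still
        // decides whether this user may read this invoice.
        $this->authorize('view', $invoice);
        return Storage::disk('local')->download($invoice->path, $invoice->id.'.pdf');
    }
}
```

To activate these pieces in the routes file, the login route takes `throttle:login` (which selects the limiter registered above), the upload route takes `auth:sanctum`, and the download route takes both `auth:sanctum` and `signed` and is named `invoices.download` so `temporarySignedRoute` can target it. The controller pulls in `AuthorizesRequests` explicitly because the Laravel 11 base controller no longer includes it; without the trait, `$this->authorize` is undefined and the check silently does not exist.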

Details

Author
affaan-m
Repository
affaan-m/everything-claude-code
Created
4 months ago
Last Updated
yesterday
Language
JavaScript
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Listed

laravel-security

Security audit for Laravel PHP applications including Eloquent mass assignment ($fillable/$guarded), middleware (auth, throttle, csrf), Blade template safety, validation rules, Sanctum/Passport auth, .env handling, query builder safety, and Laravel-specific patterns. Use this skill whenever the user mentions Laravel, php artisan, Eloquent, Blade, Sanctum, Passport, Tinker, Forge, Vapor, or asks "audit my Laravel app", "Laravel security review". Trigger when the codebase contains `composer.json` with `laravel/framework`, `artisan` file, or `app/Http/` directory.

1 Updated 1 week ago
hlsitechio
AI & Automation Listed

security

Application security best practices and patterns

0 Updated today
murtazatouqeer
AI & Automation Listed

laravel-security-audit

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.

335 Updated today
aiskillstore
AI & Automation Featured

laravel-security-audit

Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.

39,350 Updated today
sickn33
AI & Automation Listed

security-and-hardening

Hardens code against vulnerabilities. Use when handling user input, authentication, data storage, or external integrations. Use when building any feature that accepts untrusted data, manages user sessions, or interacts with third-party services.

15 Updated 3 days ago
sampleXbro