Security vulnerabilities in Laravel and how to prevent them!


CSRF

https://x.com/product/1/delete
<!-- A state-changing action reachable by GET can be triggered from any page the
     victim visits; the hidden image sends the request with the victim's cookies. -->
<img height="0" width="0" src="https://x.com/product/{id}/delete">

<!-- Blade: @csrf emits the hidden _token field that the VerifyCsrfToken
     middleware checks on POST/PUT/PATCH/DELETE requests. -->
<form method="POST" action="/profile">
    @csrf
    ...
</form>
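To make the @csrf mechanism concrete, here is an added example (not code from the article and not Laravel's own implementation) that reproduces in plain PHP what Blade's @csrf field and the VerifyCsrfToken middleware do: one random token per session, printed as a hidden input, and compared in constant time on every state-changing request. A plain array stands in for the session; the helper names (csrfToken, csrfField, csrfRequestAllowed) are this example's own.

```php
<?php
// Added example (not from the article or from Laravel's source): a minimal
// reproduction of what Blade's @csrf and the VerifyCsrfToken middleware do,
// using a plain array in place of the real session.

declare(strict_types=1);

// Laravel keeps one random token per session; @csrf prints it as a hidden input.
function csrfToken(array &$session): string
{
    if (!isset($session['_token'])) {
        // 40 hex characters from a CSPRNG; Laravel's own token is also a 40-character random string.
        $session['_token'] = bin2hex(random_bytes(20));
    }
    return $session['_token'];
}

// What @csrf expands to in the rendered form.
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

// VerifyCsrfToken skips read-only methods and compares the submitted token
// (form field or X-CSRF-TOKEN header) with the session token in constant time.
function csrfRequestAllowed(array $session, string $method, array $post, array $headers = []): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // reads are never blocked, which is why state changes must not be exposed on GET
    }
    $submitted = $post['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    if (!is_string($submitted) || !isset($session['_token'])) {
        return false;
    }
    return hash_equals($session['_token'], $submitted);
}

// --- constructed walk-through ---
$session = [];
echo csrfField($session), PHP_EOL;

// A forged request like the hidden <img> above carries no token. Once the delete
// route is moved from GET to POST, the same forged request fails the check.
var_dump(csrfRequestAllowed($session, 'POST', []));

// A genuine form submission that carries the session's token passes.
var_dump(csrfRequestAllowed($session, 'POST', ['_token' => $session['_token']]));
```

Two design points carry over to real Laravel apps: the check only protects methods that Laravel treats as state-changing, so the first fix for the product/{id}/delete URL is to stop accepting it over GET; and the comparison uses hash_equals rather than ==, so timing differences do not leak the token.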

XSS (Cross Site Scripting)

<script>alert("Oops! Your website is Hacked.")</script>
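Blade stops this payload from running as long as the value is printed with {{ }} rather than {!! !!}. The following added example (not from the article and not Blade's real compiler) shows the difference: e() is the same htmlspecialchars call Blade emits for {{ }}, and renderTemplate is a hypothetical stand-in that handles only those two echo forms. The comment string is constructed from the payload above.

```php
<?php
// Added example (not from the article or from Laravel itself): how Blade's two
// output syntaxes differ. e() below mirrors the helper Blade calls for {{ }}.

declare(strict_types=1);

// Blade compiles {{ $v }} to <?php echo e($v); ?>; this is the same escaping call.
function e(string $value, bool $doubleEncode = true): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', $doubleEncode);
}

// Tiny stand-in for the Blade compiler that handles only the two echo forms
// (hypothetical helper, not Blade's real implementation).
function renderTemplate(string $template, array $data): string
{
    // {!! $name !!} -> raw, unescaped output (only ever for HTML you generated yourself)
    $out = preg_replace_callback(
        '/\{!!\s*\$(\w+)\s*!!\}/',
        fn ($m) => (string) ($data[$m[1]] ?? ''),
        $template
    );
    // {{ $name }} -> escaped output (the safe default)
    return preg_replace_callback(
        '/\{\{\s*\$(\w+)\s*\}\}/',
        fn ($m) => e((string) ($data[$m[1]] ?? '')),
        $out
    );
}

// Constructed input: a "comment" a user submitted, using the payload from the article.
$comment = '<script>alert("Oops! Your website is Hacked.")</script>';

// Safe: angle brackets and quotes become entities, so the browser shows the
// payload as text instead of executing it.
echo renderTemplate('<p>{{ $comment }}</p>', ['comment' => $comment]), PHP_EOL;

// Unsafe: the markup is emitted verbatim and the script would run in the
// visitor's browser. Reserve {!! !!} for HTML that never contains user input.
echo renderTemplate('<p>{!! $comment !!}</p>', ['comment' => $comment]), PHP_EOL;
```

The escaping covers HTML body and attribute contexts. Values placed inside inline JavaScript, URLs or CSS need context-specific encoding (for example @json for data handed to scripts), which {{ }} alone does not provide.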

SQL Injection
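In Laravel, Eloquent and the query builder send user input as bound parameters; the injection risk appears when input is concatenated into DB::raw(), whereRaw(), DB::select() or DB::statement() strings. The added example below (not from the article) shows the two forms side by side with plain PDO and an in-memory SQLite table so it runs offline; the table contents and the input value are constructed for the demo.

```php
<?php
// Added example (not from the article): interpolating user input into SQL versus
// binding it. Uses PDO + an in-memory SQLite table so it runs offline. Laravel's
// query builder and Eloquent issue bound queries like findByNameSafe(), while
// DB::raw()/whereRaw() with concatenated input behave like findByNameUnsafe().

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO users (name, email) VALUES ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Vulnerable: the value becomes part of the SQL text, so quotes in it change the query.
function findByNameUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, email FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value travels as a bound parameter and is never parsed as SQL.
// Equivalent Laravel forms: DB::select('SELECT ... WHERE name = ?', [$name])
// or User::where('name', $name)->get().
function findByNameSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input: a form value that is not a real name.
$input = "' OR '1'='1";

// The unsafe query now reads WHERE name = '' OR '1'='1' and matches every user;
// the bound query looks for a user literally named "' OR '1'='1" and finds none.
print_r(findByNameUnsafe($pdo, $input));
print_r(findByNameSafe($pdo, $input));
```

When a raw expression is unavoidable (for example a function call the builder cannot express), keep the user-supplied part as a binding: whereRaw('lower(name) = ?', [$name]) is safe, whereRaw("lower(name) = '$name'") is not.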

HTTPS

<?php

namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Generate https:// URLs (routes, assets, redirects) in production only,
        // so local development over plain http keeps working.
        if (config('app.env') === 'production') {
            URL::forceScheme('https');
        }
    }
}

Rate Limit Requests

// Without arguments the throttle middleware applies its default of 60 requests
// per minute per client, which is the X-RateLimit-Limit shown in the responses below.
Route::group(['prefix' => 'api', 'middleware' => 'throttle'], function () {
    Route::get('people', function () {
        return Person::all();
    });
});

HTTP/1.1 200 OK
... other headers here ...
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59

HTTP/1.1 429 Too Many Requests
... other headers here ...
Retry-After: 60
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0

HTTP/1.1 429 Too Many Requests
... other headers here ...
Retry-After: 30
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 0
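To show where those headers come from, here is an added example (not the article's code and not Laravel's ThrottleRequests middleware) of a fixed-window limiter: a counter per client key that resets after the decay period, with Retry-After computed from the time left in the window. Laravel keeps the counter in the cache keyed by the authenticated user id or the client IP plus route; this example uses an in-memory array, a constructed key, and an injectable clock so the sequence can be followed without waiting a minute.

```php
<?php
// Added example (not the article's or Laravel's own code): a fixed-window limiter
// that produces the headers shown above, modelled on what the throttle middleware
// does with a cache counter per client key. The clock is passed in so the
// behaviour can be traced without real waiting.

declare(strict_types=1);

final class FixedWindowLimiter
{
    /** @var array<string, array{hits:int, resetAt:int}> in-memory stand-in for the cache */
    private array $store = [];

    public function __construct(private int $maxAttempts = 60, private int $decaySeconds = 60)
    {
    }

    /**
     * Returns [status, headers] for one request from $key
     * (in Laravel: user id, or client IP + route signature).
     */
    public function attempt(string $key, int $now): array
    {
        $entry = $this->store[$key] ?? null;
        if ($entry === null || $now >= $entry['resetAt']) {
            $entry = ['hits' => 0, 'resetAt' => $now + $this->decaySeconds]; // start a new window
        }

        if ($entry['hits'] >= $this->maxAttempts) {
            $retryAfter = $entry['resetAt'] - $now;   // seconds until the window opens again
            $this->store[$key] = $entry;              // rejected requests do not extend the window
            return [429, [
                'Retry-After'           => (string) $retryAfter,
                'X-RateLimit-Limit'     => (string) $this->maxAttempts,
                'X-RateLimit-Remaining' => '0',
            ]];
        }

        $entry['hits']++;
        $this->store[$key] = $entry;
        return [200, [
            'X-RateLimit-Limit'     => (string) $this->maxAttempts,
            'X-RateLimit-Remaining' => (string) ($this->maxAttempts - $entry['hits']),
        ]];
    }
}

// Constructed walk-through for one client, 60 requests per 60 seconds.
$limiter = new FixedWindowLimiter(60, 60);
$key = '10.0.0.5|api/people'; // constructed client key
$t0 = 1_000_000;

// First request of the window: allowed, remaining count decremented.
[$status, $headers] = $limiter->attempt($key, $t0);
echo "$status ", json_encode($headers), PHP_EOL;

// Use up the rest of the window.
for ($i = 0; $i < 59; $i++) {
    $limiter->attempt($key, $t0);
}

// One request over the limit at the same instant: rejected with a full Retry-After.
[$status, $headers] = $limiter->attempt($key, $t0);
echo "$status ", json_encode($headers), PHP_EOL;

// Another attempt halfway through the window: still rejected, Retry-After shrinks.
[$status, $headers] = $limiter->attempt($key, $t0 + 30);
echo "$status ", json_encode($headers), PHP_EOL;

// After the decay period the window resets and requests are accepted again.
[$status, $headers] = $limiter->attempt($key, $t0 + 60);
echo "$status ", json_encode($headers), PHP_EOL;
```

The key choice matters as much as the numbers: limiting by IP alone lets one authenticated user be throttled by neighbours behind the same NAT, while limiting by user id alone leaves unauthenticated endpoints such as login uncovered, so Laravel's middleware falls back from user id to IP.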

Replay Attack

Written by

Be Curious!| ☕️+✍🏼=❤️ | buihuycuong.com
