valorin.bsky.social
Friendly Hacker, Speaker, and PHP & Laravel Security Specialist. 🕵️ I write securinglaravel.com and hack stuff on stage for fun. 😈 I'm found elsewhere too: https://pinkary.com/@valorin 🪄
816 posts 2,288 followers 494 following

Starting to lock in details for the Pre-Laracon Security workshop in Brisbane! 🎉 It'll be the morning of Wednesday 12th November - the day before Laracon AU, at a venue really close to the conference. I'll get ticket sales open soon, but sign up at workshop.valorinsecurity.com to keep informed.

It's incredibly common to find hardcoded domains used for identifying admins, however this also makes it trivial to escalate privileges to admin! 😈 securinglaravel.com/security-tip... #Laravel
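As an added illustration of the tip above (this is not code from the linked Securing Laravel post, and the class, property and domain names are constructed for the example), here is the weak "admin by email domain" check next to an explicit, server-assigned admin flag:

```php
<?php
// Added example: why a hardcoded email domain is a weak admin check, and an
// explicit role flag as the alternative. Names and the example.com domain are
// constructed for illustration, not taken from any real application.

declare(strict_types=1);

// --- Weak pattern: admin-ness inferred from the email address domain ---
function isAdminByDomain(string $email): bool
{
    // Whoever controls the email string controls the answer: any account
    // that is registered with, or later changed to, an @example.com address
    // is treated as an admin, whether or not that address was ever verified.
    return str_ends_with(strtolower($email), '@example.com');
}

// --- Stronger pattern: admin-ness is explicit state set only by trusted code ---
final class User
{
    public function __construct(
        public readonly string $email,
        // Never mass-assignable from request input; set by an existing admin
        // or a migration/seeder, and checked as-is.
        public readonly bool $isAdmin = false,
    ) {}
}

function isAdmin(User $user): bool
{
    return $user->isAdmin;
}

// Constructed inputs for demonstration.
$selfRegistered = new User('someone@example.com');            // chose their own address
$realAdmin      = new User('ops@example.com', isAdmin: true);  // flagged by trusted code

var_dump(isAdminByDomain($selfRegistered->email)); // bool(true)  <- granted admin by a string
var_dump(isAdmin($selfRegistered));                // bool(false)
var_dump(isAdmin($realAdmin));                     // bool(true)
```

In a Laravel app the explicit flag is what a Gate or Policy should consult (for example `Gate::define('admin', fn (User $user) => $user->is_admin)`), and `is_admin` should be kept out of `$fillable` so it cannot be set through mass assignment.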

"Don't Roll Your Own Crypto" applies to password generators too! It's way too easy to unknowingly lower your entropy by trying to be clever... 😱 securinglaravel.com/security-tip... #Laravel

I recorded the Larabelles Podcast trailer/intro 👀. Let me know what you think! I’m going with my gut on this, I’m a bit nervous about the direction I want to take it, but as always, I’m doing it anyway 😅. larabelles.com/podcast

It may be tempting to reach for env() outside your config files, but you may be introducing subtle bugs, or exposing your app to compromise... 😱 securinglaravel.com/security-tip... #Laravel
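To make the env() point concrete, here is an added, self-contained simulation (not code from the linked post; the `env_lookup` and `buildConfig` helpers are simplified stand-ins for Laravel's `env()` and the config array, and `PAYMENT_SECRET` is a constructed key). It models what happens after `php artisan config:cache`, when the `.env` file is no longer loaded and only values captured into the cached config survive:

```php
<?php
// Added example: why env() belongs only in config/*.php. After config:cache,
// Laravel no longer loads .env, so env() called from application code sees
// only the real process environment and silently returns its default.
// env_lookup()/buildConfig() are stand-ins; PAYMENT_SECRET is constructed.

declare(strict_types=1);

// Stand-in for Laravel's env(): reads the process environment only.
function env_lookup(string $key, mixed $default = null): mixed
{
    $value = getenv($key);
    return $value === false ? $default : $value;
}

// Stand-in for config/services.php: env() is read here, at config build time.
function buildConfig(): array
{
    return [
        'services' => [
            'payments' => [
                'secret' => env_lookup('PAYMENT_SECRET', ''),
            ],
        ],
    ];
}

// Risky: env() called directly from application code. Fine in local dev, but
// with a cached config in production the key is absent from the environment,
// so this returns '' and, for example, an HMAC check keyed on it becomes trivial.
function riskySecret(): string
{
    return (string) env_lookup('PAYMENT_SECRET', '');
}

// Safe: read the value from the (possibly cached) config array instead.
function safeSecret(array $config): string
{
    return (string) ($config['services']['payments']['secret'] ?? '');
}

// 1. Local dev: .env has been loaded into the environment (simulated with putenv).
putenv('PAYMENT_SECRET=s3cr3t-from-dotenv');
$cachedConfig = buildConfig();      // what config:cache would serialize to disk

// 2. Production with cached config: .env is never loaded, so the key is gone.
putenv('PAYMENT_SECRET');           // unsets the variable, simulating no .env load

var_dump(riskySecret());            // string(0) ""  <- the subtle bug
var_dump(safeSecret($cachedConfig)); // the real secret, read via config
```

The same pattern explains the "exposing your app to compromise" half of the tip: any guard whose secret, allow-list or feature flag comes from a direct `env()` call degrades to its default once config is cached, and nothing errors to tell you.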

🎉 Tickets for #LaraconAU are ON SALE now! We return to QUT's Gardens Theatre on November 13-14 for two days of learning, connecting, and - of course - levelling up your Laravel skills!

Tomorrow is the day!! 🎉 Who else is coming to #LaraconAU?

Looking forward to bringing @laracon.au back to Brisbane this November 13-14. Tickets go on sale tomorrow! Get ready to #LevelUp

It may seem like a harmless debugging tool, with a bunch of boring config values and version numbers, but phpinfo() is a goldmine of sensitive data - even when it's "protected" in an admin account! 😈 securinglaravel.com/security-tip... #Laravel

We're close to announcing all of this year's details - closer than you'd think! If you want to be the first to know when @laracon.au tickets go on sale, join the list at laracon.au and get ready to #LevelUp in Brisbane with us!

So many spinning plates at the moment, between trying to organise workshops, trips, sponsors, audit/pentest clients, etc... 🤓 To keep up with all I'm doing, sign up to securinglaravel.com. The "Appendices" after each email has everything coming up, and any opportunities. 🙏

On the subject of Laravel Security Workshops, any companies in the EU or UK interested in an in-person workshop for their team? I'm hoping to book a few around @laravellive.dk. 🤓 I've transformed "Th1nk Lik3 a H4cker" into a much bigger, fully-interactive, workshop format! 😈

Excited to report that I've had a lot of interest, so I'm looking into venues for a half-day on Wed morning (12th Nov), so you just have to come a day early! 🎉 If you're interested and want to keep in the loop, I've popped up an announcements mailing list: workshop.valorinsecurity.com

Ok Aussie & NZ friends, would anyone be interested in coming to a half or full day security workshop in Brisbane the week before @laracon.au (i.e. Mon, Tues, or Wed)? 🤓 If there is enough interest, I'll start looking for a venue and figure out pricing, etc. #LaraconAU

I miss the days when TV shows had more episodes, smaller budgets, and space to breathe. Wheel of Time was an incredible show, but 8 eps per season wasn't enough, and the "expectations of success" were set too high. 😭 What am I going to alternate years with Rings of Power now?

💡 Quick Open Source/Content Creator Funding Pro Tip ‼️ If you want to encourage sponsorships of your package, tool, or content, offer something in return. You don't have to become a "filthy capitalist" to start seeing some financial reward for your hard work.

Just bypassed CloudFlare Access on a client's site! 😈 Ask Me Anything! Note, my NDA prevents me from answering anything even vaguely relevant, but feel free to ask... 🤣

I've been considering this for a while, so it's time to throw it out into the world... Securing Laravel is now open to sponsorships! 🎉 Your company can sponsor my weekly Security Tips, supporting my work in improving security within the Laravel and PHP communities. 👉 securinglaravel.com/sponsor

It's comments like these that make all the work I put into my big articles like securinglaravel.com/in-depth-a-d... so worth it! 🥰

Let's take a dive into the security of Laravel's new Starter Kits to see how they handle authentication, what security features they include, and what areas could be improved! 🤓 (This is part 1, I only got through the first kit...) securinglaravel.com/in-depth-a-d... #Laravel

I just achieved the impossible and found a really cool 8-character .com domain available to register. Now I just need to build that side-project to go with it. 🤣

Accepting File Uploads from your users is always a risky proposal, but have you considered just how easily uploaded files can be used to bypass CSRF and cookie protections? securinglaravel.com/security-tip... #Laravel

The recently patched XSS in CommonMark's Attributes extension offers an interesting look at what happens when two different features conflict, one being a security feature, the other a knowingly vulnerable extension... šŸ¤“ securinglaravel.com/security-tip... #Laravel

w00t! Securing Laravel has hit 4,000 subscribers! 🎉 Thanks for all the support over the last 4 years, you give me the momentum to keep writing each week. To celebrate, I've hidden a suitable premium subscription discount somewhere on the site... see if you can find it. 😈

Laracon AU is an awesome conference, and an unbeatable speaker experience. If you haven't submitted yet, you really should.

LEGO can take my money now. I must have this. And yes, Balrog's have wings.

Well, it's been almost 2 months since I started writing "In Depth: A Deep Dive into Laravel's New Starter Kits!"... and it's finally being published! 🎉 At long last, subscribers will get to learn what I think of the new Starter Kits, and why it took 2 months to get this out. securinglaravel.com