Radu Ungureanu
@raduphpsec
PHP Security Expert | Laravel, Symfony & WordPress | 20+ years building secure web applications | B2B Contractor | Daily security tips & vulnerability | Football fan
Critical vulnerability discovered in King Addons for Elementor (CVE released): arbitrary file upload + privilege escalation possible. Check if you are using this plugin and update to the latest version. If no patch is available, deactivate the plugin. #WordPress #cybersecurity
Before Composer, we copied libraries into /lib manually. Now we install them with a single command. Sadly, SQL injections still install themselves automatically. Some things never change. #php #laravel #composer
Ever used eval() in your PHP code? That’s basically giving attackers a free shell. Even a small injection = remote code execution. If you did, check your logs NOW and replace it with a proper parser or whitelist-based logic. #PHP #infosec #security
Real audit case: Client had admin checks in code only. No Model protection. Easy to bypass with mass-assigned is_admin = true. Two lines would've stopped it: protected $guarded = ['is_admin']; Or: CHECK (is_admin = false). Code alone = not enough. #laravel #php
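The two layers named in the post above, as an added example that is not part of the original post and not the client's code: plain PHP with PDO and in-memory SQLite instead of Laravel. fillGuarded(), insertUser(), the users table and the request array are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for Eloquent's: protected $guarded = ['is_admin'];
const GUARDED = ['is_admin'];

/** Drop guarded keys from request input before it reaches the write. */
function fillGuarded(array $input): array
{
    return array_diff_key($input, array_flip(GUARDED));
}

/** Insert a user row; values are bound, never concatenated. */
function insertUser(PDO $db, array $attrs): void
{
    $stmt = $db->prepare('INSERT INTO users (name, is_admin) VALUES (:name, :is_admin)');
    $stmt->bindValue(':name', $attrs['name'], PDO::PARAM_STR);
    $stmt->bindValue(':is_admin', (int) ($attrs['is_admin'] ?? 0), PDO::PARAM_INT);
    $stmt->execute();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Same constraint as in the post, written with 0 because SQLite stores
// booleans as integers.
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    name TEXT NOT NULL,
    is_admin INTEGER NOT NULL DEFAULT 0 CHECK (is_admin = 0)
)');

// Constructed request body: a signup form with one extra field added.
$request = ['name' => 'mallory', 'is_admin' => 1];

// Layer 1: the guarded attribute is dropped before the write.
insertUser($db, fillGuarded($request));

// Layer 2: a code path that forgets the guard is stopped by the database.
try {
    insertUser($db, $request);
    echo "unguarded insert succeeded\n";
} catch (PDOException $e) {
    echo "unguarded insert rejected by CHECK constraint\n";
}

foreach ($db->query('SELECT name, is_admin FROM users') as $row) {
    printf("%s is_admin=%d\n", $row['name'], $row['is_admin']);
}
```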
Did you know? Roughly 3 out of 4 websites run PHP for backend. With that kind of footprint, securing your PHP apps isn't optional, it’s essential! #php #websecurity #cybersecurity #laravel
Check your social auth implementation. Bots bypassing my client's reCAPTCHA using OAuth login (Google/Facebook). Defense layers: rate limiting on callbacks, pattern detection in user names, honeypot fields, Cyrillic character blocking. #php #WebSecurity #oauth #Laravel
Quick Laravel security tip: Never do this: DB::raw("WHERE id = " . $id) Always do this: ->whereRaw("id = ?", [$id]) Or better yet, use Eloquent: Model::find($id) Parameterized queries = your first line of defense. #Laravel #PHP #Security