Laravel

Open-source PHP-based web framework for building web applications

Custom Features

The MVC design pattern separates the application’s logic (Model) from the user interface (View), and defines clear responsibilities for handling user input (Controller).
Uses Eloquent ORM for interacting with the database, providing an elegant and secure ActiveRecord implementation (automatically escapes parameters in queries).

Authorization/Authentication

API Authentication:
- Offers Passport full OAuth2 server implementation.
- Sanctum: A simple way to authenticate SPAs (Single Page Applications) and mobile applications using simple token-based authentication.
Rate Limiting:
- Check the rate limiting middleware effectively protect against brute-force attacks and ensure API endpoints can't be DDOSed.
bcrypt for Password Hashing:
- Uses bcrypt by default for hashing passwords.

Session Management

Automatically generates a CSRF token for every active user session.
The session ID is typically stored in the user's browser under a cookie like laravel_session.
The cookies should have HttpOnly enabled. Check it at config/session.php:

'secure' => env('SESSION_SECURE_COOKIE', null),
'http_only' => true,

Session Drivers
- File: Default Driver.
  - Ensure that the session files aren't in a location that is not publicly accessible. (storage/framework/sessions).
- Database: Normally use it when persistence across multiple servers is needed
  - Check the session table access control and database's connections.
- Redis: Normally use when the application needs high-performance.
  - Ensure that is properly configured
- Cookie: Session data is stored directly in a cookie in the client-side
  - Check the cookie is not storing sensitive data.
Modify session data and investigate the requests to know the type of driver being used by the application. ( the session data is being stored in a database table or it's stored in memory?)
When the session expires. Check that the session data and the client’s cookie have been removed or invalidated.

Encryption

Support AES-256-CBC encryption.
Uses an API for encrypting and decrypting data with automatic key management.

Enumeration

Tools: Laravel Security and Laravel Auditing.
Check if .env, storage/ are publicly accessible.
- In the .env file; Check APP_DEBUG=false.
Ensure that Debugbar is not enabled.
Check if the application validate the URL during redirects.
Check all form's CSRF tokens.
Check that model's properties properly handle mass assignment. ($fillable or $guarded on Eloquent models).
IDOR: Check validation on user input for model binding in routes:

Route::get('user/{id}', ...)

`Whitebox` Commands:

Show all available routes:

php artisan route:list

Regenerate application keys:

php artisan key:generate

Clear or refresh config caches when testing for configuration issues.

php artisan config:cache

View the status of database migrations:

php artisan migrate:status

Roll back migrations can change the database schema:

php artisan migrate:rollback

Useful for seeding the database with test data to check for SQLi vulnerabilities or data leakages:

php artisan db:seed

PreviousHashiCorp Vault NextExpress

Last updated 2 months ago

Laravel

Open-source PHP-based web framework for building web applications

Custom Features

The MVC design pattern separates the application’s logic (Model) from the user interface (View), and defines clear responsibilities for handling user input (Controller).
Uses Eloquent ORM for interacting with the database, providing an elegant and secure ActiveRecord implementation (automatically escapes parameters in queries).

Authorization/Authentication

API Authentication:
- Offers Passport full OAuth2 server implementation.
- Sanctum: A simple way to authenticate SPAs (Single Page Applications) and mobile applications using simple token-based authentication.
Rate Limiting:
- Check the rate limiting middleware effectively protect against brute-force attacks and ensure API endpoints can't be DDOSed.
bcrypt for Password Hashing:
- Uses bcrypt by default for hashing passwords.

Session Management

Automatically generates a CSRF token for every active user session.
The session ID is typically stored in the user's browser under a cookie like laravel_session.
The cookies should have HttpOnly enabled. Check it at config/session.php:

'secure' => env('SESSION_SECURE_COOKIE', null),
'http_only' => true,

Session Drivers
- File: Default Driver.
  - Ensure that the session files aren't in a location that is not publicly accessible. (storage/framework/sessions).
- Database: Normally use it when persistence across multiple servers is needed
  - Check the session table access control and database's connections.
- Redis: Normally use when the application needs high-performance.
  - Ensure that is properly configured
- Cookie: Session data is stored directly in a cookie in the client-side
  - Check the cookie is not storing sensitive data.
Modify session data and investigate the requests to know the type of driver being used by the application. ( the session data is being stored in a database table or it's stored in memory?)
When the session expires. Check that the session data and the client’s cookie have been removed or invalidated.

Encryption

Support AES-256-CBC encryption.
Uses an API for encrypting and decrypting data with automatic key management.

Enumeration

Tools: Laravel Security and Laravel Auditing.
Check if .env, storage/ are publicly accessible.
- In the .env file; Check APP_DEBUG=false.
Ensure that Debugbar is not enabled.
Check if the application validate the URL during redirects.
Check all form's CSRF tokens.
Check that model's properties properly handle mass assignment. ($fillable or $guarded on Eloquent models).
IDOR: Check validation on user input for model binding in routes:

Route::get('user/{id}', ...)

`Whitebox` Commands:

Show all available routes:

php artisan route:list

Regenerate application keys:

php artisan key:generate

Clear or refresh config caches when testing for configuration issues.

php artisan config:cache

View the status of database migrations:

php artisan migrate:status

Roll back migrations can change the database schema:

php artisan migrate:rollback

Useful for seeding the database with test data to check for SQLi vulnerabilities or data leakages:

php artisan db:seed

PreviousHashiCorp Vault NextExpress

Last updated 2 months ago

Custom Features

Authorization/Authentication

Session Management

Encryption

Enumeration

Whitebox Commands:

Custom Features

Authorization/Authentication

Session Management

Encryption

Enumeration

Whitebox Commands:

`Whitebox` Commands:

`Whitebox` Commands: