Laravel: Configure, Validate, Authenticate and Authorize

University/Institute: Infosec





Description

To get started in this beginning course on Laravel, we will examine what prerequisites you need to get the most out of this specialization. We’ll discuss the different ways to install the Laravel framework and focus on the most secure choice. We also will talk about the security concerns of using third-party packages. The course will introduce some tips on how to audit your application after a third-party package is installed. Finally, we'll share resources to stay up-to-date with Laravel. Securing configuration and secrets is one of the most important parts of your Laravel app. This course will focus on using the configuration system properly, securing environment secrets and ways to force SSL for your Laravel app. In addition, log filtering and exception handling systems are constructed to reduce the chance of leaking sensitive information. Validation is necessary to secure input from both users and third-parties. In this course, we’ll discuss what things to validate, why to validate them and how to use Laravel’s built-in rules to get the most secure validation configuration. We'll examine using form requests to validate for controllers, as well as using inline-validation for commands. Finally, custom validation is also built and dissected. Authentication is the first half of securing user access to your Laravel application. In this course, we’ll cover how to authenticate users in Laravel and the reasons why. We’ll discuss and examine the built-in Laravel authentication kits and explain which kit is best for which use case. Even if you have unique authentication requirements, Laravel’s authentication system can be used and we’ll show how with a custom authentication provider. Authorization is the second half of securing user access to your Laravel application. In this course, we’ll discuss the different built-in options Laravel has to provide authorization. Gates, a simpler solution, will be compared to the more advanced policy system. Extending the authorization system with roles and permissions with a third-party package is also demonstrated. Finally, best practices of using authorization will be presented, including making sure not to fall into some common traps.