In this course, you'll take a look at how Laravel protects your database and ways you can configure it to protect your system. The Laravel database access layer has a lot of built-in protection from common attacks. However, when you need to customize functionality it can be easy to undo that layer and allow for attacks like SQL injection. In this course, we’ll discuss how Laravel protects your database and look at ways to extend functionality without compromising security. Then, we’ll pivot to performance and reducing the chance of denial of service attacks. Finally, concentrating on a layered approach of security in your app, we’ll focus on the security of properties in an Eloquent model.

The course also covers three related concepts that are compared and analyzed. Securing Laravel passwords and ensuring their complexity is explained. Hashing functionality and algorithms provided by Laravel are also reviewed. Leveraging encryption by hand, as well as where it’s automatically integrated into Laravel, is also discussed. Additionally, the course will discuss two mechanisms for tracking users between requests and storing user information are discussed in this course: sessions and cookies. First, all of the different session configurations and drivers are discussed. We’ll review what is really necessary and what is just hype. Then, using the persistent session storage and flashing session data is reviewed. The course complete with a discussion of the usage and security of Laravel cookies. And finally, the course will cover how Laravel provides functionality to rate limit incoming requests. Rationale for choosing to protect end points, both globally and with segmented or conditional choices, is discussed.