Everything on Security.

laravel June 5th, 2026

Laravel 13 PreventRequestForgery: Origin-Aware CSRF Protection in 5 Minutes

Laravel 13 renames VerifyCsrfToken to PreventRequestForgery and adds a Sec-Fetch-Site origin check on top of the token. Here's what changed, how to configure it, and the upgrade traps.

7 min read →

stripe May 11th, 2026

Stripe Identity Verification in Laravel: KYC Without a Compliance Vendor

Stripe Identity is right there in the dashboard you already use, costs $1.50 per US check, and rides on the same session + webhook pattern as Checkout.

11 min read →

laravel April 14th, 2026

Ditching Passwords: Setting Up Passkeys in Laravel 13

Passkeys are phishing-resistant, require no remembered secrets, and the browser handles the crypto. Here's how to add them to a Laravel 13 app in under an hour.

8 min read →

laravel March 29th, 2026

Fine-grained rate limiting on Laravel API routes

Slapping throttle:60,1 on every route treats your free-tier users and enterprise customers identically. Here's how to do it properly with named rate limiters.

5 min read →

laravel March 21st, 2026

Verifying Stripe webhook signatures in Laravel without Cashier

You don't need Laravel Cashier to verify Stripe webhook signatures. Here's the minimal setup using the Stripe PHP SDK directly in a controller.

5 min read →

php March 13th, 2026

How to audit PHP dependencies (practical guide)

How to audit PHP Composer dependencies for security, license and maintenance issues, with tools and a small script you can run today.

5 min read →