Need Help Assessing Potential Vulnerabilities in My Laravel Project

[anggi135]

Select Topic Area

General

Body

Repository:
https://github.com/anggi135/project/tree/v2

Hi everyone! 👋
I would like to request help from the community to perform pentesting, security review, or any kind of vulnerability assessment on my Laravel-based project.

🧪 What I want to know

I’m looking for feedback in these areas:

• Are there any potential vulnerabilities in my code?

• Is my authentication, authorization, and session handling secure?

• Are there risks related to input validation, file uploads, or API endpoints?

• Any possibility of common security issues such as

  • SQL Injection
  • XSS
  • CSRF
  • Path Traversal
  • Hardcoded secrets
  • Misconfigured permissions

• Is the project following best practices for Laravel security?

📦 Project Details

• Laravel version: (your version if you want to add)

• Includes features such as:

  • Fuzzing tool
  • API testing panel
  • CRUD operations for testing results

• Environment: Local development for cybersecurity learning

🙌 Why I'm asking

I want to ensure my application is safe to use and learn security best practices from others who are more experienced. Any suggestions, findings, or improvement tips would be greatly appreciated!

Thank you in advance for your time and help! 🚀

[bad-antics]

For Laravel security assessment, here are key areas to check:

Common Laravel Vulnerabilities:

1. Mass Assignment - Check $fillable/$guarded in models
2. SQL Injection - Use Eloquent, avoid raw queries
3. XSS - Use {{ }} not {!! !!} in Blade
4. CSRF - Ensure @csrf on forms
5. Auth Bypass - Check middleware on routes

Tools:

• php artisan route:list - Review exposed routes
• Laravel Debugbar (disable in prod!)
• OWASP ZAP for automated scanning
• Burp Suite for manual testing

Quick Checklist:

• APP_DEBUG=false in production
• Strong APP_KEY
• HTTPS enforced
• Rate limiting on auth routes
• Input validation on all forms

Happy to help review specific concerns!

[bad-antics]

Laravel security checklist:

1. Mass Assignment - check $fillable/$guarded
2. SQL Injection - use Eloquent ORM
3. XSS - use {{ }} not {!! !!}
4. CSRF - ensure @csrf on forms
5. APP_DEBUG=false in production
6. Strong APP_KEY
7. HTTPS enforced
8. Rate limiting on auth

Tools: OWASP ZAP, Burp Suite, Laravel Security Checker

Happy to help with specifics!

[anggi135]

thanks bro