Security
Security components for Laravel projects
Secure communication: HTTPS
We will request an SSL certificate to provide a secure connection between the server and the client.
SSH Access: Private keys
SSH connections to the production servers will be available through private keys, secured with a passphrase. The private keys will be given out only to a limited group of developers who really need it.
Password hashing: Bcrypt with unique salt
All user passwords will be hashed one-way with bcrypt, using a unique salt per password. The hashes cannot be reversed and, because every password has its own salt, precomputed rainbow tables are useless. Passwords will never be stored in plain text.
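As an added example (not code from the original page or from Laravel itself), the following plain-PHP script shows what bcrypt hashing with a per-password salt looks like underneath Laravel's `Hash::make()` / `Hash::check()`, which wrap PHP's `password_hash()` and `password_verify()`. The cost factor of 12 and the sample password are assumptions for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. The cost of 12 is an assumption;
// a Laravel app takes its cost from config/hashing.php.
const BCRYPT_COST = 12;

function hashPassword(string $plain): string
{
    // password_hash() draws a fresh random salt for every call and embeds it in
    // the result ($2y$12$<22-char salt><31-char hash>), so the application
    // stores only this one string and never manages salts itself.
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

function verifyPassword(string $plain, string $stored): bool
{
    // Reads salt and cost back out of $stored, recomputes, compares in constant time.
    return password_verify($plain, $stored);
}

function needsRehash(string $stored): bool
{
    // True when the stored hash was produced with a lower cost (or another
    // algorithm): rehash on the next successful login to upgrade old accounts.
    return password_needs_rehash($stored, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Constructed demo values
$password = 'correct horse battery staple';
$hashA = hashPassword($password);
$hashB = hashPassword($password);

var_dump($hashA !== $hashB);                        // true: unique salt, so the same password hashes differently
var_dump(verifyPassword($password, $hashA));        // true
var_dump(verifyPassword('wrong password', $hashA)); // false

// A hash made with cost 4 (constructed by rewriting the cost field) is flagged for rehashing.
var_dump(needsRehash('$2y$04$' . substr($hashA, 7))); // true
```

In a Laravel application the same three operations are `Hash::make()` when storing a password, `Hash::check()` (which `Auth::attempt()` calls for you) when logging in, and `Hash::needsRehash()` after a successful login. One bcrypt caveat worth enforcing with a validation rule: bcrypt only processes the first 72 bytes of the input, so anything beyond that length is silently ignored.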
Encryption of sensitive data: AES-256-CBC
If needed, sensitive data can be encrypted with AES (the AES-256-CBC cipher) using an encryption key. This key is generated on the production server and stored in a file outside the webroot and outside of version control.
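The script below is an added example, not the original page's or Laravel's own code, of the encrypt-then-MAC construction that AES-256-CBC needs to be safe: CBC on its own gives confidentiality but no integrity, so a fresh random IV is generated per message and an HMAC over IV and ciphertext is checked before anything is decrypted (Laravel's `Crypt` facade follows the same design with `APP_KEY`, though its payload format differs from this simplified one). The key here is generated in memory for the demo; in production it would be the 32-byte key from the server-side key file, and the sample plaintext is constructed.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. Simplified encrypt-then-MAC over
// AES-256-CBC; the payload layout (IV || ciphertext || MAC, base64) is ours.
const CIPHER = 'aes-256-cbc';

// In production this 256-bit key is generated once on the server and read from a
// file outside the webroot; here it is created in memory for the demo.
function generateKey(): string
{
    return random_bytes(32);
}

function encryptValue(string $plaintext, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // 16 bytes, new for every message
    $ciphertext = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($ciphertext === false) {
        throw new RuntimeException('encryption failed');
    }
    // Authenticate IV and ciphertext so tampering is detected before decryption.
    $mac = hash_hmac('sha256', $iv . $ciphertext, $key, true);
    return base64_encode($iv . $ciphertext . $mac);
}

function decryptValue(string $payload, string $key): string
{
    $raw = base64_decode($payload, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + 32) {
        throw new RuntimeException('malformed payload');
    }
    $iv = substr($raw, 0, $ivLen);
    $mac = substr($raw, -32);
    $ciphertext = substr($raw, $ivLen, -32);

    // Verify the MAC first, in constant time; never feed unauthenticated data to CBC.
    $expected = hash_hmac('sha256', $iv . $ciphertext, $key, true);
    if (!hash_equals($expected, $mac)) {
        throw new RuntimeException('MAC mismatch: payload tampered or wrong key');
    }
    $plain = openssl_decrypt($ciphertext, CIPHER, $key, OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed demo
$key = generateKey();
$token = encryptValue('account number 12345678', $key);
echo decryptValue($token, $key), PHP_EOL;   // account number 12345678

// Flip one ciphertext bit: the MAC check rejects it before decryption runs.
$raw = base64_decode($token);
$raw[20] = chr(ord($raw[20]) ^ 0x01);
try {
    decryptValue(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;          // MAC mismatch: payload tampered or wrong key
}
```

In a Laravel project you would call `Crypt::encryptString()` / `Crypt::decryptString()` and let `php artisan key:generate` write `APP_KEY` into the server's `.env` file rather than hand-rolling this; the example is there to show why the MAC and the per-message IV are not optional parts of "AES-256-CBC".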
SQL Injection: Parameterized queries
To prevent SQL injection, an ORM (Eloquent) is used, which only uses parameterised queries. This way, user-supplied input reaches the database as a bound value and can never alter the structure of a query.
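To make the difference concrete, here is an added example (not from the original page, and using plain PDO with an in-memory SQLite table instead of Eloquent so it runs without a Laravel install) that puts a string-concatenated query next to the parameterised form that Eloquent and the query builder generate for `User::where('email', $email)`. The table, rows and hostile input are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. Requires the pdo_sqlite extension.
// Constructed in-memory database with two users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('bob@example.com')");

// VULNERABLE (what the page rules out): the input is spliced into the SQL text,
// so quote characters in it become part of the query's structure.
function findByEmailUnsafe(PDO $pdo, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the SQL text is fixed and the value travels separately as a bound
// parameter. This is what Eloquent / the query builder do for
// User::where('email', $email)->get().
function findByEmailSafe(PDO $pdo, string $email): array
{
    $stmt = $pdo->prepare('SELECT id, email FROM users WHERE email = ?');
    $stmt->execute([$email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed hostile input: a lookup that should match no row.
$input = "nobody' OR '1'='1";

echo count(findByEmailUnsafe($pdo, $input)), " rows (unsafe)\n"; // 2: the filter was bypassed
echo count(findByEmailSafe($pdo, $input)), " rows (safe)\n";     // 0: compared as a literal string
```

The one place where a Laravel project can still fall back into the unsafe pattern is raw SQL: `DB::raw()`, `whereRaw()`, `selectRaw()` and `DB::select()` take the string as given. If raw fragments are unavoidable, keep user input out of the string and pass it through the bindings array (`whereRaw('email = ?', [$email])`) so it is still parameterised.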
XSS Protection: Safe output by default
To prevent XSS, a templating engine with safe output (Twig or Blade) is used. Variable escaping is on by default, so raw (unescaped) output is produced only where it is explicitly requested and the content is trusted.
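The following added example (not from the original page or from the Blade source) reproduces what Blade's `{{ $var }}` does, which is essentially `htmlspecialchars()` with `ENT_QUOTES`, and shows why the escaping has to change when data is placed inside a `<script>` block, where a JSON literal with the `JSON_HEX_*` flags (the approach Blade's `@json` directive takes) is the right tool. The template, display name and preferences are constructed inputs.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page.

// Equivalent of Laravel's e() helper, which Blade applies to {{ $x }}:
// <, >, &, " and ' become entities, so the browser renders text, not markup.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// For data handed to JavaScript, HTML entities are wrong; emit a JSON literal
// whose <, >, &, ' and " are \uXXXX-escaped so "</script>" inside the data
// cannot close the script element.
function jsLiteral($value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT);
}

// A small template: {{ }} in the HTML body and attribute, @json in the script.
function renderProfile(string $displayName, array $prefs): string
{
    $safeName = escapeHtml($displayName);
    return "<h1>Hello, {$safeName}</h1>\n"
         . "<input type=\"text\" name=\"name\" value=\"{$safeName}\">\n"
         . "<script>var prefs = " . jsLiteral($prefs) . ";</script>\n";
}

// Constructed hostile inputs
$name  = '<img src=x onerror="alert(1)">';
$prefs = ['theme' => '</script><script>alert(2)</script>'];

echo renderProfile($name, $prefs);
// <h1>Hello, &lt;img src=x onerror=&quot;alert(1)&quot;&gt;</h1>
// <input type="text" name="name" value="&lt;img src=x onerror=&quot;alert(1)&quot;&gt;">
// <script>var prefs = {"theme":"\u003C\/script\u003E\u003Cscript\u003Ealert(2)\u003C\/script\u003E"};</script>
```

Two caveats the default escaping does not cover: it protects quoted attributes only (always quote them), and it does nothing for URL contexts such as an `href` built from user input, where a scheme check is needed in addition to escaping. `{!! $var !!}` bypasses `escapeHtml()` entirely and should be reserved for HTML the application itself produced or has already sanitised.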
CSRF Protection: On by default
A CSRF token is generated for every session and is required on all POST/PUT/DELETE requests by default. Every form therefore has to include the CSRF token, which makes forged cross-site requests impossible.
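As an added example (not from the original page or from Laravel's `VerifyCsrfToken` middleware), this plain-PHP script models the same mechanism: one random token per session, rendered into every form as a hidden `_token` field (what Blade's `@csrf` emits), and a middleware-style check that lets safe methods through but rejects state-changing requests whose token is missing or does not match. The session array and the request samples are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not from the original page. $session stands in for the
// server-side session store; it is a plain array here.

function csrfToken(array &$session): string
{
    // One token per session, created on first use and reused by every form.
    if (!isset($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(20)); // 40 hex chars
    }
    return $session['_token'];
}

// Hidden field for forms; equivalent of Blade's @csrf directive.
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_token" value="' . $token . '">';
}

// Middleware-style check. Read-only methods pass; POST/PUT/PATCH/DELETE must carry
// a token (form field or X-CSRF-TOKEN header) equal to the session's token.
function verifyCsrf(array $session, string $method, array $post, array $headers = []): bool
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true;
    }
    $sent = $post['_token'] ?? $headers['X-CSRF-TOKEN'] ?? '';
    $expected = $session['_token'] ?? '';
    // hash_equals() keeps the comparison constant-time.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Constructed demo: one legitimate session and a few incoming requests.
$session = [];
echo csrfField($session), PHP_EOL;
$token = csrfToken($session);

var_dump(verifyCsrf($session, 'POST', ['_token' => $token]));                 // true: form with the session token
var_dump(verifyCsrf($session, 'DELETE', [], ['X-CSRF-TOKEN' => $token]));     // true: AJAX request with the header
var_dump(verifyCsrf($session, 'POST', ['_token' => 'forged-by-another-site'])); // false: wrong token
var_dump(verifyCsrf($session, 'POST', []));                                   // false: no token at all
var_dump(verifyCsrf($session, 'GET', []));                                    // true: read-only request
```

A cross-site page cannot read the victim's session token, so it cannot supply a matching `_token`, which is what makes the forged request fail. Laravel's middleware additionally accepts the token via the `X-XSRF-TOKEN` header for JavaScript clients and lets you list webhook endpoints in its `$except` array; keep that list as short as possible, since every excluded route loses this protection.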
Authentication and Authorization
Authentication is built into Laravel and follows the secure practices described above (secure cookies, hashed passwords, etc.). It also provides middleware to protect routes based on login status, which can be combined with role checks to restrict certain areas to certain roles.
Validation
Laravel includes a validation component to validate user input securely, for example required fields, expected types (images, numbers, e-mail addresses) or values that must be unique in, or already exist in, a database table.
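The added example below (not from the original page; it is framework code that runs inside a Laravel application rather than stand-alone) ties the two previous sections together: a route reachable only by logged-in users who pass a role-based gate, and a controller action that authorises again, validates the request and passes only the validated fields on to the model. The gate name `manage-users`, the `role` column on `User`, the `roles` table and the `avatars` storage directory are assumptions for the illustration.

```php
<?php
// Added example, not from the original page. Three fragments from one Laravel
// application are shown in a single listing; in practice each lives in the file
// named in the comment above it.

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Route;
use App\Http\Controllers\UserController;
use App\Models\User;

// --- app/Providers/AuthServiceProvider.php, inside boot() -------------------
// Role check expressed as a gate. 'role' is an assumed column on the users table.
Gate::define('manage-users', function (User $user): bool {
    return $user->role === 'admin';
});

// --- routes/web.php ----------------------------------------------------------
// 'auth' rejects anonymous visitors; 'can:manage-users' rejects logged-in users
// who fail the gate. Everything in the group inherits both.
Route::middleware(['auth', 'can:manage-users'])->group(function () {
    Route::post('/admin/users', [UserController::class, 'store']);
});

// --- app/Http/Controllers/UserController.php ---------------------------------
class UserController extends Controller
{
    public function store(Request $request)
    {
        // Second line of defence: authorise in the action as well as in the route,
        // so the check survives if the route middleware is ever changed.
        Gate::authorize('manage-users');

        // validate() aborts with a 422 response on failure and returns ONLY the
        // keys listed here, so an unexpected field (e.g. 'role') never reaches
        // the model, whatever the client sent.
        $validated = $request->validate([
            'name'     => ['required', 'string', 'max:100'],
            'email'    => ['required', 'email', 'unique:users,email'], // must not already exist
            'age'      => ['required', 'integer', 'between:18,120'],
            'avatar'   => ['nullable', 'image', 'max:2048'],           // uploaded image, at most 2 MB
            'role_id'  => ['required', 'exists:roles,id'],             // must reference an existing row
            'password' => ['required', 'string', 'min:12', 'max:72'],  // bcrypt reads only 72 bytes
        ]);

        // Hash before storing; the plain password is never persisted.
        $validated['password'] = Hash::make($validated['password']);

        // Store the file and keep only its path in the database.
        if ($request->hasFile('avatar')) {
            $validated['avatar'] = $request->file('avatar')->store('avatars');
        }

        $user = User::create($validated);

        return redirect('/admin/users/' . $user->id);
    }
}
```

Two details are easy to miss: `User::create()` only writes attributes listed in the model's `$fillable`, so the validated keys and `$fillable` should agree; and the `unique`/`exists` rules run real queries, so they belong in validation rather than being re-implemented with raw SQL in the controller.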
Configuration variables
Sensitive configuration is saved in a '.env' file, which is not stored in the Git repository and not in the webroot, but exists only on the production server. This file holds database passwords, encryption keys and keys/secrets for services such as AWS.
Git versioning and backups
The application source will be stored in a Git repository. This repository will not contain any sensitive information or database passwords.