⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#8 → Insufficient Rate Limiting

Rate limiting is essential for limiting bot attacks, and don't forget it on other sensitive routes like MFA. Otherwise brute-forcing a 6-digit SMS token in 5 minutes is trivial. 😈

7:06 AM
Apr 14, 2023
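
One way to throttle an MFA verification route with Laravel's named rate limiters, as an added example that is not part of the original post. The limiter name `mfa-verify`, the limits, the `mfa.pending_user_id` session key, the `/mfa/verify` route and `MfaController` are assumptions.

```php
<?php
// app/Providers/AppServiceProvider.php
// Added example: names, limits and the session key are assumptions.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        RateLimiter::for('mfa-verify', function (Request $request) {
            // Key on the account being verified, not only on the IP:
            // a per-IP limit alone is bypassed by rotating source addresses.
            // 'mfa.pending_user_id' is a hypothetical session key that the
            // login step would set once the password has been accepted.
            $account = $request->user()?->getAuthIdentifier()
                ?? $request->session()->get('mfa.pending_user_id', 'unknown');

            // Both limits apply; the request is rejected with HTTP 429
            // as soon as either one is exhausted.
            return [
                Limit::perMinute(5)->by('mfa:account:' . $account),
                Limit::perMinute(20)->by('mfa:ip:' . $request->ip()),
            ];
        });
    }
}

// routes/web.php (hypothetical route and controller):
//
// Route::post('/mfa/verify', [MfaController::class, 'verify'])
//     ->middleware('throttle:mfa-verify');
```

The throttle only slows guessing; expiring the code after a short lifetime and invalidating it after repeated failed attempts closes the remaining window.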