⚠️ Top 10 Laravel security issues I've found during audits ⚠️

#8 → Insufficient Rate Limiting

Rate limiting is essential for limiting bot attacks, and don't forget it on other sensitive routes like MFA. Otherwise brute-forcing a 6-digit SMS token in 5 minutes is trivial. 😈

Apr 14, 2023 at 7:06 AM
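
One way to throttle an MFA verification route in Laravel, as an added example that is not code from the original post. The limiter name `mfa`, the session key `mfa.user_id`, the route path and the controller name are assumptions for illustration.

```php
<?php
// app/Providers/AppServiceProvider.php
// Added example. Attach the limiter to the MFA route in routes/web.php with:
//   Route::post('/mfa/verify', [MfaController::class, 'verify'])
//       ->middleware('throttle:mfa');
// (route path and MfaController are hypothetical names)

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        RateLimiter::for('mfa', function (Request $request) {
            // Assumption: the password step stored the pending user's id
            // in the session under 'mfa.user_id'.
            $account = $request->hasSession()
                ? $request->session()->get('mfa.user_id')
                : null;

            return [
                // Keyed by the account being verified, so spreading guesses
                // across many IP addresses does not reset the counter.
                // 5 attempts per minute allows at most 25 guesses out of
                // 1,000,000 possible 6-digit codes in a 5-minute window.
                Limit::perMinute(5)->by('mfa-account:'.($account ?? 'none')),

                // Second bucket keyed by client IP, so one source cannot
                // cycle through many accounts.
                Limit::perMinute(20)->by('mfa-ip:'.$request->ip()),
            ];
        });
    }
}
```

Requests over either limit receive a 429 response from the `throttle` middleware before the controller runs.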