4 Security benefits to using the Laravel Framework with your web project

11th July 2019

Laravel has now been around since 2011, and in that time it has grown a lot, both in its robust out-of-the-box features and in its popularity. From a security perspective, Laravel is quickly becoming the go-to PHP framework for web applications. Here are four great reasons why:

4. SQL Injection Protection

Laravel's Fluent Query Builder and Eloquent ORM, which ship with the framework and use PDO in the background, protect you from SQL injection: they build queries as prepared statements, so any user input that arrives through your website's forms is sent to the database as a bound parameter rather than being spliced into the SQL text.
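To show what the query builder is doing for you underneath, here is an added example in plain PHP (not code from the original post or from Laravel itself) that runs the same query the two ways against an in-memory SQLite database. It assumes the pdo_sqlite extension is available; the table, rows and the input value are constructed for the demonstration.

```php
<?php
// Added example: PDO prepared statements vs. string interpolation.
// Assumes pdo_sqlite; table contents and the input below are constructed sample data.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)");
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.com'), ('o''brien@example.com')");

// A perfectly legitimate form value that happens to contain a single quote.
$input = "o'brien@example.com";

// Unsafe: the value is pasted into the SQL text. The quote closes the string literal
// early, so the rest of the value is parsed as SQL. Here that is merely a syntax error;
// the same mechanism is what lets hostile input change the meaning of the query.
function findUserUnsafe(PDO $pdo, string $email): string
{
    try {
        $row = $pdo->query("SELECT email FROM users WHERE email = '$email'")->fetch(PDO::FETCH_ASSOC);
        return $row['email'] ?? 'no match';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Safe: a prepared statement sends the SQL and the value separately, so the database
// never parses the value as SQL. This is what DB::table('users')->where('email', $email)
// or User::where('email', $email) compiles to in Laravel.
function findUserSafe(PDO $pdo, string $email): string
{
    $stmt = $pdo->prepare('SELECT email FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row['email'] ?? 'no match';
}

echo 'unsafe: ', findUserUnsafe($pdo, $input), PHP_EOL;
echo 'safe:   ', findUserSafe($pdo, $input), PHP_EOL;
```

Note that Laravel's raw query methods (DB::raw, whereRaw, selectRaw) hand you the interpolated-string problem back: pass user input through their bindings array, never into the SQL string itself.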

3. Cross-Site Request Forgery (CSRF) Protection

Cross-site request forgery is a type of exploit in which unauthorized commands are performed on behalf of an authenticated user. Preventing it in Laravel is as simple as adding @csrf to your HTML form: Blade (Laravel's template engine) expands this into a hidden field carrying a CSRF token, and the framework's built-in middleware then verifies that token automatically.

2. Cross-Site Scripting Protection

Cross-site scripting isn't dissimilar to SQL injection: it allows malicious users to inject HTML or JavaScript into one of your web pages. This could be as simple as someone posting alert('Boo!'); in a comment section; if that comment goes unsanitised, the alert annoyingly pops up for every user who views the page. It could also be used for far more sinister purposes, such as obtaining passwords or redirecting users. Laravel protects your site from this through its templating syntax: Blade's default {{ }} echo statements escape output before it reaches the browser.

1. Cookie Protection

With Laravel you can generate an encryption key (previously called the application key in older versions). Laravel's built-in cookie handling uses this key to encrypt cookie values and to attach a keyed hash to each one. Laravel then protects your website's cookies by checking that hash on every request, so any cookie that has been tampered with is detected and rejected.