Is Laravel a secure framework?

Laravel mechanisms

Laravel is one of the more secure PHP frameworks, but a framework alone cannot manage security for you. Whether an application is secure depends on the code the developer writes on top of it.

Laravel offers several mechanisms to secure a website. Some of them are listed below:

  • Encryption
  • Storing Password
  • Authenticating Users
  • Cross-site scripting (XSS)
  • Avoiding SQL injection
  • Protecting Routes
  • HTTP Basic Authentication

Storing Passwords

Laravel provides a class called “Hash” (the Hash facade). “Hash” offers secure bcrypt hashing: every password is hashed with a random salt and a configurable work factor, so the plaintext password is never stored. A password can be hashed in the following way.

$hashedPassword = Hash::make('secret');

make() takes a plaintext value as its argument and returns the hashed value. A candidate password can later be verified against the stored hash with the check() function in the following way.

Hash::check('secret', $hashedPassword);

check() returns a Boolean value: true if the password matches the hash, false otherwise. Never compare hashes yourself with ==; check() verifies the password in constant time.

Authenticating Users

Laravel has made this task easier: the Auth::attempt method looks the user up by the non-password fields you pass, verifies the password against the stored hash, and logs the user in on success. It can be used in the following way; Redirect::intended sends the user back to the page they were trying to reach before being redirected to the login form.

if (Auth::attempt(['email' => $email, 'password' => $password])) {
    return Redirect::intended('home');
}
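The password-storage and authentication sections above fit together as one flow. The following controller is an added example, not code from the original page or from Laravel itself; it assumes a standard Laravel application with the default users table (name, email, password columns) and a route named home, and the controller and route names are hypothetical. Beyond the snippets above, it regenerates the session ID after login (against session fixation), rehashes a stored password when the bcrypt cost in the configuration has been raised, and re-verifies the current password before accepting a new one.

```php
<?php
// Added example (not from the original page): registration, login and
// password change using the Hash and Auth facades. Assumes a default
// Laravel app; AccountController and the 'home' route are hypothetical.

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;

class AccountController extends Controller
{
    // Registration: never store the plaintext. Hash::make() uses bcrypt with a
    // random per-password salt, so the same password hashed twice gives two
    // different strings.
    public function register(Request $request)
    {
        $data = $request->validate([
            'name'     => ['required', 'string', 'max:255'],
            'email'    => ['required', 'email', 'unique:users'],
            'password' => ['required', 'string', 'min:12', 'confirmed'],
        ]);

        $user = User::create([
            'name'     => $data['name'],
            'email'    => $data['email'],
            'password' => Hash::make($data['password']),
        ]);

        Auth::login($user);
        $request->session()->regenerate();

        return redirect()->intended('home');
    }

    // Login: Auth::attempt() finds the user by email and runs Hash::check()
    // against the stored hash. Regenerate the session ID on success so a
    // session ID planted by an attacker before login is useless afterwards.
    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required', 'string'],
        ]);

        if (Auth::attempt($credentials, $request->filled('remember'))) {
            $request->session()->regenerate();

            // If the bcrypt cost in config/hashing.php was raised since this
            // hash was made, upgrade it now while the plaintext is available.
            $user = Auth::user();
            if (Hash::needsRehash($user->password)) {
                $user->forceFill(['password' => Hash::make($credentials['password'])])->save();
            }

            return redirect()->intended('home');
        }

        // One message for unknown email and wrong password: do not reveal which.
        return back()->withErrors(['email' => 'The provided credentials are invalid.']);
    }

    // Password change: prove possession of the current password with
    // Hash::check() before storing a new hash.
    public function changePassword(Request $request)
    {
        $data = $request->validate([
            'current_password' => ['required', 'string'],
            'password'         => ['required', 'string', 'min:12', 'confirmed'],
        ]);

        $user = $request->user();

        if (! Hash::check($data['current_password'], $user->password)) {
            return back()->withErrors(['current_password' => 'Current password is incorrect.']);
        }

        $user->forceFill(['password' => Hash::make($data['password'])])->save();

        // Invalidate sessions on other devices (takes effect when the
        // AuthenticateSession middleware is enabled for the web routes).
        Auth::logoutOtherDevices($data['password']);

        return redirect('home');
    }
}
```

The error message on failed login is deliberately the same for an unknown email and a wrong password, so the login form does not become an account-enumeration oracle.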

Cross-site scripting (XSS)

Cross-site scripting (XSS) attacks happen when attackers are able to place client-side JavaScript code in a page viewed by other users. Blade's double-brace syntax escapes output for you: anything printed with

{{ $value }}

in your Blade templates is passed through htmlspecialchars, so user-supplied markup is rendered as text instead of being interpreted by the browser. Use the raw syntax

{!! $value !!}

only where you are certain the data is safe to display in raw format (for example, HTML you generated yourself), and never on user input. Cross-site request forgery (CSRF) is a separate attack: Laravel counters it with the VerifyCsrfToken middleware and the @csrf Blade directive, which add and check a per-session token on every form submission.
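The following script is an added example, not code from the original page or from Laravel. It shows what the two Blade syntaxes do with attacker-controlled input: {{ $value }} compiles to <?php echo e($value); ?> and {!! $value !!} compiles to <?php echo $value; ?>. The e() defined here mirrors Laravel's helper so the script runs without Laravel; the display-name and title payloads are constructed samples. It goes one step beyond the paragraph by showing why ENT_QUOTES matters in attribute values and why HTML escaping is the wrong tool inside a script block.

```php
<?php
// Added example (not from the original page): escaped vs raw Blade output.
// e() below mirrors Laravel's helper (htmlspecialchars with ENT_QUOTES) so
// this runs stand-alone; inside a Laravel app the real e() is used instead.

if (! function_exists('e')) {
    function e(?string $value): string
    {
        return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample: a "display name" submitted by a user.
$displayName = '<img src=x onerror="alert(document.cookie)">';

// {{ $displayName }} : the tag is shown as text, nothing executes.
$escaped = '<p>Hello, ' . e($displayName) . '</p>';

// {!! $displayName !!} : the browser parses the <img> tag and runs onerror.
$raw = '<p>Hello, ' . $displayName . '</p>';

echo "escaped: $escaped\n";
echo "raw:     $raw\n";

// Attribute context: ENT_QUOTES is what stops a quote from closing the
// attribute and starting a new event-handler attribute.
$title = '" onmouseover="alert(1)';
$attr = '<a title="' . e($title) . '">link</a>';
echo "attr:    $attr\n";

// JavaScript context: HTML entities are not decoded inside <script>, so
// e() is the wrong tool there. Blade's @json directive uses json_encode with
// the JSON_HEX_* flags, which neutralises </script> and quotes for that context.
$forJs = json_encode(
    ['name' => $displayName],
    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT
);
echo "<script>var user = $forJs;</script>\n";
```

Run it with php and compare the three lines: only the raw variant contains an unescaped <img ... onerror=...> that a browser would execute.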

Avoiding SQL injection

A SQL injection vulnerability exists when an application inserts arbitrary, unfiltered user input into an SQL query. Laravel's query builder and Eloquent ORM use PDO parameter binding: values passed through methods such as where() travel separately from the SQL text and cannot change the structure of the query. That protection is lost as soon as input is concatenated into raw SQL (DB::raw, whereRaw, or DB::select with an interpolated string), and identifiers cannot be bound at all, so user-chosen column or sort names must be checked against an allow-list before they reach orderBy().
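The following script is an added example, not code from the original page or from Laravel. It reproduces the injection described above and then the parameter binding that Laravel's query builder, Eloquent and DB::select($sql, $bindings) apply for you; the Laravel equivalents are named in the comments. It uses an in-memory SQLite database with constructed rows so it runs without Laravel (it needs PHP's pdo_sqlite extension), and it ends with the allow-list check for a user-chosen sort column, the case binding cannot cover.

```php
<?php
// Added example (not from the original page): injection through string
// concatenation vs PDO parameter binding. Table and rows are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (email, is_admin) VALUES
            ('alice@example.com', 1), ('bob@example.com', 0)");

// Attacker-controlled "email" taken from a request.
$email = "' OR '1'='1";

// Vulnerable: the input becomes part of the SQL text.
// Laravel equivalent: DB::select("SELECT * FROM users WHERE email = '$email'")
//                  or ->whereRaw("email = '$email'")
$vulnerable = $pdo->query("SELECT email FROM users WHERE email = '$email'")
                  ->fetchAll(PDO::FETCH_COLUMN);
echo 'vulnerable: ' . count($vulnerable) . ' rows (' . implode(', ', $vulnerable) . ")\n";
// The WHERE clause became  email = '' OR '1'='1'  and every row matches.

// Safe: the value is a bound parameter and is never parsed as SQL.
// Laravel equivalent: DB::select('SELECT * FROM users WHERE email = ?', [$email])
//                  or DB::table('users')->where('email', $email)->get()
//                  or ->whereRaw('email = ?', [$email])
$stmt = $pdo->prepare('SELECT email FROM users WHERE email = ?');
$stmt->execute([$email]);
$safe = $stmt->fetchAll(PDO::FETCH_COLUMN);
echo 'bound:      ' . count($safe) . " rows\n";
// No user has the literal email  ' OR '1'='1  so nothing is returned.

// Identifiers cannot be bound. A user-chosen sort column (e.g. ?sort=) must
// be checked against an allow-list before it is placed in ORDER BY; the
// same rule applies to Laravel's orderBy($column).
function sortColumn(string $requested): string
{
    $allowed = ['id', 'email'];
    return in_array($requested, $allowed, true) ? $requested : 'id';
}

$sort = sortColumn($_GET['sort'] ?? 'id');   // never interpolate $_GET['sort'] directly
$rows = $pdo->query("SELECT email FROM users ORDER BY $sort")->fetchAll(PDO::FETCH_COLUMN);
echo 'sorted by ' . $sort . ': ' . implode(', ', $rows) . "\n";
```

The vulnerable query returns both users and the bound query returns none; the difference is entirely in whether the database ever sees the payload as SQL.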

Protecting Routes

Laravel protects routes with middleware: attaching the auth middleware to a route or route group rejects unauthenticated requests (redirecting them to the login page) before the controller runs. Laravel also makes it very easy to create, read, and expire cookies with its Cookie class, and the cookies it issues are encrypted and signed by the EncryptCookies middleware, so their contents can be neither read nor modified by the client.

HTTP Basic Authentication

Laravel supports HTTP basic authentication through the auth.basic middleware, which prompts for a username and password without a dedicated login page. Because the browser resends the credentials with every request, such routes must be served over HTTPS. HTTPS prevents attackers on the same network from reading private information such as credentials and session cookies and logging in as the victim.
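The route-protection and HTTP basic authentication mechanisms from the last two sections, together with the Cookie class, are shown in the following routes file. It is an added example, not code from the original page or from Laravel; the route paths, the AccountController, the view names and the theme cookie are hypothetical, and it assumes a default Laravel application where the auth, auth.basic and throttle middleware are registered.

```php
<?php
// routes/web.php -- added example (not from the original page). Paths,
// controller, views and the 'theme' cookie are hypothetical.

use App\Http\Controllers\AccountController;
use Illuminate\Support\Facades\Cookie;
use Illuminate\Support\Facades\Route;

// Public page.
Route::get('/', fn () => view('welcome'));

// Login endpoint: rate-limit to slow down online password guessing
// (5 attempts per minute per client).
Route::post('/login', [AccountController::class, 'login'])
    ->middleware('throttle:5,1');

// Session-authenticated area: `auth` sends guests to the login page
// before any of these controllers run.
Route::middleware('auth')->group(function () {
    Route::get('/home', fn () => view('home'));
    Route::get('/settings', fn () => view('settings'));
});

// HTTP basic authentication: the browser attaches the credentials to every
// request, so this route must only be reachable over HTTPS.
Route::get('/admin/metrics', fn () => response()->json(['ok' => true]))
    ->middleware('auth.basic');

// Cookies. Values go through the EncryptCookies middleware, so the client
// sees an encrypted, signed blob, not the plaintext 'dark'/'light'.
Route::get('/theme/forget', function () {
    Cookie::queue(Cookie::forget('theme'));   // expire the cookie
    return redirect('home');
});

Route::get('/theme/{name}', function (string $name) {
    // Allow-list the value even though the cookie is tamper-proof: the
    // client still chose it via the URL.
    $theme = in_array($name, ['light', 'dark'], true) ? $name : 'light';

    // name, value, minutes, path, domain, secure (HTTPS only), httpOnly
    // (not readable from JavaScript).
    Cookie::queue('theme', $theme, 60 * 24 * 30, null, null, true, true);

    return redirect('home');
});

Route::get('/theme', fn () => response(request()->cookie('theme', 'light')));
```

Note the order of the two /theme routes: /theme/forget is declared before /theme/{name}, otherwise the parameterised route would capture it.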

Laravel Security Packages:

Several packages are available to enhance the security of Laravel applications.

Laravel Security:

The Laravel Security package filters XSS payloads out of input in the codebase. It was ported from CodeIgniter 3's security library to Laravel 5. Input filtering of this kind is a second layer; output escaping in Blade remains the primary defence.

Laravel-ACL:

Laravel-ACL adds role-based permissions on top of Laravel's authentication process.

Laravel Security Component:

The Laravel Security Component provides security for roles and objects.