laravel-security
Laravel Security Best Practices
Comprehensive security guidance for Laravel applications to protect against common vulnerabilities.
When to Activate
- Adding authentication or authorization
- Handling user input and file uploads
- Building new API endpoints
- Managing secrets and environment settings
- Hardening production deployments
How It Works
- Middleware provides baseline protections (CSRF via
VerifyCsrfToken, security headers viaSecurityHeaders). - Guards and policies enforce access control (
auth:sanctum,$this->authorize, policy middleware). - Form Requests validate and shape input (
UploadInvoiceRequest) before it reaches services. - Rate limiting adds abuse protection (
RateLimiter::for('login')) alongside auth controls. - Data safety comes from encrypted casts, mass-assignment guards, and signed routes (
URL::temporarySignedRoute+signedmiddleware).
More from affaan-m/everything-claude-code
security-review
Use this skill when adding authentication, handling user input, working with secrets, creating API endpoints, or implementing payment/sensitive features. Provides comprehensive security checklist and patterns.
7.9Kgolang-patterns
Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications.
7.4Kcoding-standards
Baseline cross-project coding conventions for naming, readability, immutability, and code-quality review. Use detailed frontend or backend skills for framework-specific patterns.
6.7Kfrontend-patterns
Frontend development patterns for React, Next.js, state management, performance optimization, and UI best practices.
6.6Kbackend-patterns
Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.
6.6Kgolang-testing
Go testing patterns including table-driven tests, subtests, benchmarks, fuzzing, and test coverage. Follows TDD methodology with idiomatic Go practices.
6.1K