laravel-security-audit
Audit Laravel Apps for Security Vulnerabilities
Laravel developers need to ensure their applications follow security best practices. This skill provides comprehensive security auditing using OWASP standards and Laravel-specific security knowledge.
Download skill ZIP
Upload in Claude
Go to Settings → Features → Skills → Upload skill
Open and start using
Test it
Using "laravel-security-audit": Review a Laravel controller that fetches user posts by ID
Expected result:
- Issue: Missing Authorization Check
- Risk: High
- Problem: The controller fetches a post by ID without verifying ownership or user permissions.
- Exploit: An authenticated user can access another user's post by changing the ID parameter.
- Fix: Add policy check or scope the query to the authenticated user's posts.
- Example: Post::where('user_id', auth()->id())->findOrFail($id)
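The finding above in code, as an added example that is not part of the skill or this page: the vulnerable lookup sits beside the two fixes the finding names (scoping the query to the owner, and enforcing a policy), with a route excerpt that also applies rate limiting. All class, route and column names (Post, PostPolicy, user_id, /posts) are assumptions, and the three files are shown in one listing with bracketed namespaces only so it parses as a unit.

```php
<?php
// Added example for the "Missing Authorization Check" finding (hypothetical app code).

// app/Http/Controllers/PostController.php
namespace App\Http\Controllers {

    use App\Models\Post;
    use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
    use Illuminate\Http\Request;

    class PostController extends Controller
    {
        use AuthorizesRequests; // provides $this->authorize()

        // VULNERABLE: loads whatever ID appears in the URL. Any authenticated
        // user can read any post by changing the number (an IDOR).
        public function showInsecure(int $id)
        {
            $post = Post::findOrFail($id);

            return view('posts.show', ['post' => $post]);
        }

        // FIX 1: scope the query to the caller's own rows. Someone else's ID
        // yields a 404 rather than another user's data.
        public function show(Request $request, int $id)
        {
            $post = Post::where('user_id', $request->user()->id)->findOrFail($id);

            return view('posts.show', ['post' => $post]);
        }

        // FIX 2: route-model binding plus a policy. The rule lives once in
        // PostPolicy and is reused by controllers, Blade @can and Gate::allows;
        // authorize() throws AuthorizationException, rendered as HTTP 403.
        public function edit(Post $post)
        {
            $this->authorize('update', $post);

            return view('posts.edit', ['post' => $post]);
        }
    }
}

// app/Policies/PostPolicy.php (auto-discovered for App\Models\Post)
namespace App\Policies {

    use App\Models\Post;
    use App\Models\User;

    class PostPolicy
    {
        public function view(User $user, Post $post): bool
        {
            return $user->id === $post->user_id;
        }

        public function update(User $user, Post $post): bool
        {
            return $user->id === $post->user_id;
        }
    }
}

// routes/web.php (excerpt): both actions require login, and the group is
// rate limited to 60 requests per minute per authenticated user or IP.
namespace {

    use App\Http\Controllers\PostController;
    use Illuminate\Support\Facades\Route;

    Route::middleware(['auth', 'throttle:60,1'])->group(function () {
        Route::get('/posts/{id}', [PostController::class, 'show']);
        Route::get('/posts/{post}/edit', [PostController::class, 'edit']);
    });
}
```

Scoping the query (FIX 1) is the smallest change and cannot be bypassed by a forgotten `authorize()` call; the policy (FIX 2) is the right choice once the same ownership rule must apply to edit, delete and views. `showInsecure` is kept only to make the contrast visible and should not exist in a real controller.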
Using "laravel-security-audit": Review file upload validation logic
Expected result:
- Issue: Insufficient File Type Validation
- Risk: Medium
- Problem: Only file extension is checked, MIME type validation is missing.
- Exploit: Attacker could upload a PHP file disguised as an image.
- Fix: Use Laravel's mimes / mimetypes validation rules (which inspect the file's content, not its name) and store the file outside the public directory.
- Example: $request->validate(['avatar' => 'required|file|mimes:jpg,png|max:2048'])
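The fix above carried through as an added example (not the skill's or the page's own code): a FormRequest holds the authorization and the content-based MIME checks, the controller uses only validated input rather than request()->all(), and the file is written to a disk the web server does not serve and is read back through an authenticated route. The class names, the avatars directory and the users.avatar_path column are assumptions; the two files are shown with bracketed namespaces only so the listing parses as a unit.

```php
<?php
// Added example for the "Insufficient File Type Validation" finding (hypothetical app code).

// app/Http/Requests/StoreAvatarRequest.php
namespace App\Http\Requests {

    use Illuminate\Foundation\Http\FormRequest;

    class StoreAvatarRequest extends FormRequest
    {
        // Rejects anonymous callers before validation or file handling runs.
        public function authorize(): bool
        {
            return $this->user() !== null;
        }

        public function rules(): array
        {
            return [
                'avatar' => [
                    'required',
                    'file',
                    // Both rules inspect the file's bytes, not its name:
                    // 'mimes' compares the extension guessed from content,
                    // 'mimetypes' compares the detected MIME type. A PHP
                    // script renamed to shell.jpg fails both.
                    'mimes:jpg,jpeg,png',
                    'mimetypes:image/jpeg,image/png',
                    'max:2048', // kilobytes
                ],
            ];
        }
    }
}

// app/Http/Controllers/AvatarController.php
namespace App\Http\Controllers {

    use App\Http\Requests\StoreAvatarRequest;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Storage;

    class AvatarController extends Controller
    {
        public function store(StoreAvatarRequest $request)
        {
            // validated() returns only the fields that passed rules();
            // request()->all() would hand back anything the client sent.
            $file = $request->validated()['avatar'];

            // The 'local' disk is rooted under storage/app, outside public/.
            // store() picks a random name, so the client's filename (and
            // extension) never reaches the filesystem.
            $path = $file->store('avatars', 'local');

            // forceFill is used only because avatar_path is assumed not to be
            // in $fillable; the value is server-chosen, not client input.
            $request->user()->forceFill(['avatar_path' => $path])->save();

            return back()->with('status', 'Avatar uploaded.');
        }

        // Serve the image through an authenticated route instead of a public
        // URL, so the web server never serves the stored file directly.
        public function show(Request $request)
        {
            abort_unless($request->user()->avatar_path, 404);

            return Storage::disk('local')->response($request->user()->avatar_path);
        }
    }
}
```

The validation rule alone only decides what gets accepted; the storage location and the random filename are what prevent an accepted file from ever being reachable as an executable path under public/.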
Security audit
Safe. All static analysis findings are false positives. This is an educational/documentation skill containing prompt instructions for security auditing, not executable code. The detected patterns (external_commands, network, env_access) are references to security concepts being taught, not actual vulnerable code. No security risks identified.
Quality score
What you can build
Pre-Deployment Security Review
Review Laravel application code before deploying to production to identify security vulnerabilities.
Code Review Assistance
Integrate security analysis into pull request reviews to catch vulnerabilities early.
Legacy Code Audit
Assess existing Laravel applications for security debt and misconfigurations.
Try these prompts
Review this Laravel controller for security vulnerabilities. Check for proper authorization, input validation, and common OWASP issues.
Perform a comprehensive security audit of this Laravel application. Analyze authentication, authorization, input validation, database queries, file uploads, and API security. Classify each finding by risk level.
Audit the authentication implementation in this Laravel application. Check password hashing, session management, token handling, and Sanctum/JWT configuration for security issues.
Evaluate the API endpoints in this Laravel application for security vulnerabilities. Check rate limiting, authorization, input validation, response sanitization, and mass assignment protection.
Best practices
- Always use FormRequest classes for input validation and authorization
- Apply the principle of least privilege for database and file system access
- Enable rate limiting on all public API endpoints to prevent abuse
Avoid
- Using request()->all() without validation in create or update operations
- Checking authorization only in controllers without policy enforcement
- Storing uploaded files in publicly accessible directories without validation