Security Documentation
Learn how to identify and fix security vulnerabilities in your Laravel applications
Welcome to StackShield Documentation
This comprehensive documentation library provides step-by-step guides for identifying and fixing security vulnerabilities in Laravel applications. Each guide includes detailed explanations, code examples, and best practices to help you secure your application.
How to use this documentation
- Browse security issues by category below or use the search bar to find specific topics
- Each guide shows the security risk, impact, and complete fix instructions
- Copy code examples directly to your project with one click
- Follow verification steps to confirm the vulnerability is fixed
Want automated security monitoring? StackShield continuously scans your Laravel application for these vulnerabilities and alerts you in real time when issues are detected.
Product Guides
Getting Started
Learn what StackShield does and how to get up and running in minutes.
Security Checks
Create and manage domain checks with customizable security tests.
Scans & Results
Run scans, understand results, and review individual test findings.
Issues & Tracking
Track, resolve, and export security issues across your domains.
Notifications
Configure email, Slack, Teams, and webhook alerts for your team.
Scheduling
Set up automated recurring scans on hourly, daily, weekly, or monthly schedules.
Teams & Settings
Manage team members, roles, and account settings.
Billing & Plans
Understand plans, features, usage limits, and manage your subscription.
CI/CD Integration
Trigger scans from GitHub Actions, GitLab CI, and any CI/CD pipeline.
Application Security
Laravel Ignition Exposure
Easy: Checks if Laravel Ignition error page is exposed in production.
Laravel Telescope Exposure
Easy: Checks if Laravel Telescope debugging tool is exposed in production.
Laravel Debug Mode
Easy: Checks if Laravel debug mode is enabled in production.
CSRF Protection
Easy: Verifies CSRF token implementation on forms and APIs.
File Upload Security
Medium: Tests file upload endpoints for security vulnerabilities.
Session Configuration
Easy: Validates session security settings and configuration.
Infrastructure Security
Security Headers
Easy: Detects missing headers (CSP, HSTS, X-Frame-Options).
SSL/TLS Security
Medium: Checks SSL expiration, weak ciphers, and HSTS.
Cloud Storage Exposure
Medium: Detects public AWS S3, GCP, and DigitalOcean buckets.
Nmap Port Scanning
Hard: Comprehensive network and port scanning with service version detection using Nmap.
IP Reputation
Medium: Checks if the domain IP is listed in abuse databases.
DNS Security
Medium: Checks DNS configuration and security settings.
Authentication & Authorization
Brute Force Protection
Easy: Tests if login page blocks repeated failed login attempts.
JWT Token Security
Medium: Detects weak JWT tokens (HS256, missing exp).
CORS Misconfiguration
Medium: Identifies insecure CORS headers (Access-Control-Allow-Origin: *).
API Rate Limiting
Easy: Checks if API endpoints implement proper rate limiting.
File & Directory Security
Email & Domain Security
Ready to secure your Laravel app?
StackShield automatically detects these security issues in your application and alerts you in real time.