Stephen Rees-Carter :laravel:

This profile might be incomplete.
Open on phpc.social

Stephen Rees-Carter :laravel:

Social Links:

https://pinkary.com/@valorin

Newsletter:

https://securinglaravel.com

Course:

https://practicallaravelsecurity.com

Security Audits:

https://valorinsecurity.com

Personal info

About:

Friendly Hacker, Speaker, and PHP & Laravel Security Specialist.🕵️
I hack stuff on stage for fun. 😈
I used to be found at: https://infosec.exchange/@valorin
#searchable

Wall 1 post

Stephen Rees-Carter :laravel:

You may have heard of the /.well-known/ path, and the security.txt file, but there is a new one you should be aware of too:

/.well-known/change-password

It should redirect to your change password form, so password managers can easily send users there.

https://securinglaravel.com/security-tip-a-well-known-url-for/

Like 17 September at 11:05 | Open on phpc.social

Show previous comments

CatSalad🐈🥗 (D.Burch) :blobcatrainbow:

@valorin @TindrasGrove I propose a new standard to indicate if one of my many, many catsalad accounts are located there (in case I forget)

/.well-known/catsalad

Contents should just contain 🐈🥗

17 September at 20:26 | Open on infosec.exchange

David Peach

@valorin I've never understood what the well-known directory path was for. Maybe I should look into it. Thanks for this.

17 September at 21:30 | Open on phpc.social

bob.php :veritrek_gold:

@valorin yeah no thanks i have a massive cron framework just for cleaning up the remnants bad libraries leave behind in .well-known, i absolutely hate it.

17 September at 23:03 | Open on phpc.social

Go Up