Laravel framework, ~20 mins

Security best practices in Laravel - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual (intermediate)
What is the primary purpose of Laravel's CSRF protection?

Laravel includes CSRF protection by default. What does this protect your application from?

A. Prevent attackers from submitting forms on behalf of authenticated users without their consent.
B. Encrypt user passwords before saving them to the database.
C. Limit the number of login attempts to prevent brute force attacks.
D. Stop SQL injection attacks by escaping database queries.
💡 Hint

Think about what happens if a malicious site tries to submit a form on your site without permission.

🧩 Component behavior (intermediate)
What happens if you forget to validate user input in a Laravel controller?

Consider a Laravel controller method that processes user input but does not validate it. What is the most likely risk?

Laravel
public function store(Request $request) {
    $data = $request->all();
    User::create($data);
    return redirect('/users');
}
A. The application will run slower but remain secure.
B. Laravel will automatically reject the request and show an error page.
C. The user input will be sanitized automatically by Laravel.
D. The application may save invalid or malicious data, leading to security issues like SQL injection or broken data.
💡 Hint

Think about what happens when you trust user input without checking it.

📝 Syntax (advanced)
Which code snippet correctly hashes a password before saving a new user in Laravel?

Choose the code that securely hashes the password before saving it to the database.

A. User::create(['name' => $name, 'email' => $email, 'password' => hash('sha256', $password)]);
B. User::create(['name' => $name, 'email' => $email, 'password' => $password]);
C. User::create(['name' => $name, 'email' => $email, 'password' => bcrypt($password)]);
D. User::create(['name' => $name, 'email' => $email, 'password' => md5($password)]);
💡 Hint

Laravel provides a helper function specifically for hashing passwords securely.

🔧 Debug (advanced)
Why does this Laravel middleware fail to block unauthenticated users?

Review the middleware code below. Why does it not redirect unauthenticated users to the login page?

Laravel
public function handle($request, Closure $next) {
    if (!Auth::check()) {
        return redirect('/login');
    }
    return $next($request);
}
A. The middleware does not return the result of $next($request), so the request continues without redirecting.
B. Auth::check() always returns true, so the condition never triggers.
C. The redirect URL '/login' is incorrect and causes a 404 error.
D. Middleware must be registered in the kernel to work, so this code never runs.
💡 Hint

Look carefully at the last line inside the handle method.

🔄 Lifecycle (expert)
At which point in Laravel's request lifecycle is the encryption of cookies handled?

Identify when Laravel encrypts cookies during the request lifecycle.

A. After the controller returns a response, just before sending it to the browser.
B. During the EncryptCookies middleware, which runs before the request reaches the controller.
C. When the cookies are accessed inside the controller method.
D. Cookies are never encrypted automatically by Laravel.
💡 Hint

Think about middleware order and what EncryptCookies does.