PHP application source code audit

The goal of the project was to assess the security level of the application’s source code, which is based on the Laravel framework. The source code was first checked with automated scanners, and false-positive findings were removed during manual verification. In addition, a thorough manual review was conducted of the critical pieces of application logic: controllers, views and models.


As a result, the customer received a detailed report with recommendations, and secure coding training was conducted for the development and QA teams. Some of the identified bugs were:

  • Hardcoded passwords.
  • SQL injections in Laravel raw database queries.
  • XSS in views that displayed user data without proper escaping.
  • Insufficient validation of OAuth2 requests, which allowed JWT theft.
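As an added illustration, not code from the audited application or from the report, the PHP below shows two of the finding classes above in a Laravel context: a raw database query that concatenates user input beside its parameterised form, and unescaped Blade output beside the escaped form. The table and column names, the function names and the view path are assumptions chosen for the example; only Laravel's `DB` facade, `whereRaw` bindings, Blade's `{{ }}` / `{!! !!}` syntax and the `e()` helper are real framework features.

```php
<?php
// Added example (not from the audited code base). Assumes a Laravel
// application; table/column names and function names are illustrative.

use Illuminate\Support\Facades\DB;

// --- Finding: SQL injection in a raw query ------------------------------

// Vulnerable form: the caller-controlled $email is spliced into the SQL
// text, so a quote character in the input changes the query structure.
function findUserVulnerable(string $email): array
{
    return DB::select("SELECT id, name FROM users WHERE email = '" . $email . "'");
}

// Fixed form: the same statement with a positional binding. The value is
// sent to the driver separately from the SQL text and can never be parsed
// as part of the query.
function findUserFixed(string $email): array
{
    return DB::select('SELECT id, name FROM users WHERE email = ?', [$email]);
}

// The same rule applies to the query builder's raw helpers: user input goes
// into the bindings array, never into the raw SQL fragment itself.
function paidOrdersAbove(int $minTotal): array
{
    return DB::table('orders')
        ->whereRaw('status = ? AND total > ?', ['paid', $minTotal])
        ->get()
        ->all();
}

// --- Finding: XSS in a view that prints user data unescaped ---------------
//
// Vulnerable Blade template (assumed path resources/views/profile.blade.php):
//     <p>Welcome, {!! $user->name !!}</p>   {{-- raw output, no escaping --}}
//
// Fixed Blade template:
//     <p>Welcome, {{ $user->name }}</p>     {{-- {{ }} escapes via e() --}}
//
// Where HTML is assembled in PHP rather than in a template, escape
// explicitly with Laravel's e() helper (htmlspecialchars with ENT_QUOTES).
function greetingHtml(string $name): string
{
    return '<p>Welcome, ' . e($name) . '</p>';
}
```

During a review, the quick check for the first class is to grep for `DB::select(`, `DB::statement(`, `whereRaw(`, `selectRaw(` and `DB::raw(` and confirm every occurrence takes its variable parts from a bindings array; for the second, search views for `{!! ` and confirm each one prints content the application generated itself, never request or database data supplied by a user.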