Sqreen: Application Security for Laravel Apps (sponsor)


September 7th, 2020


As developers, we need to make sure our code is free from vulnerabilities. But with how complex software is these days, it’s almost impossible to catch every vulnerability before we ship.

Looking at the evolution of the OWASP top 10, we can see that the most critical vulnerabilities haven’t really changed in 15 years. Why is that? For years we tried to identify vulnerabilities with application security testing or to prevent them with firewalls at the application’s edge. But these approaches only leverage data at a single layer: code without execution context or network data without code context. They are unreliable, complex to manage, and slow down developers.

It’s time for a change, and that’s the change we’re driving with Sqreen.

What is Sqreen?

Sqreen is an Application Security Management platform that helps developers and security teams protect, observe, and test their applications, APIs, and microservices.

Sqreen is embedded directly inside your application. By leveraging a unique distributed architecture with sandboxed agents that combine network, authentication, and deep code execution security signals, Sqreen can understand the full runtime behavior of the application. Sqreen accurately differentiates malicious from harmless threats, without the need for AI/ML guesswork based on regex patterns, static traces, or logs. This unique in-depth visibility offers higher precision at detecting and blocking attacks.

With Sqreen, teams can get peace of mind with a holistic protection solution that is easy to use and provides actionable insights. You don’t need to be a security expert to protect your app.

Check out this short video to learn how Sqreen can help you protect your Laravel applications in less than 5 minutes:


Getting Started with Sqreen in 5 minutes – Sqreen

How to install Sqreen on a Laravel app

Installing Sqreen is very easy. It just takes a couple of minutes to install the Sqreen PHP microagent.

The PHP microagent has two parts: a PHP extension and a Sqreen daemon. Sqreen requires both parts to secure your Laravel web applications.

The Sqreen PHP extension performs the PHP code instrumentation. It is a compiled extension (like the MySQL or ODBC extensions) that uses the PHP engine’s API. It inspects the PHP internal state to detect malicious activities and block attacks.

The Sqreen PHP daemon provides a long-running background process that enables the microagent to send security metadata to your dashboard and perform asynchronous activities.

  1. Sign up to create your free Sqreen account
  2. Fetch your organization token that begins with env_org_
  3. From Terminal, run the following command to install both the PHP extension and the Sqreen daemon:

     curl -s https://download.sqreen.com/php/install.sh > sqreen-install.sh \
       && bash sqreen-install.sh [YOUR ORG TOKEN HERE] "[YOUR APP NAME HERE]"

  4. Restart your web application server.
  5. Visit your website or query your application to complete the installation.

And that’s it!

Blocking critical attacks

After installing Sqreen, the agent will automatically detect your application’s stack and configure the right set of protections for your Laravel application. No fine-tuning or heavy configuration required!

Sqreen combines protections across a wide range of capabilities, from an In-App Web Application Firewall to Runtime Application Self-Protection and Content Security Policy.

Out of the box, your application will be protected against some of the most critical OWASP top 10 attacks:
– SQL injections
– NoSQL injections
– Cross-Site Scripting (XSS)
– Server-Side Request Forgery (SSRF)
– Account Takeover
– And more

Monitoring your security in real-time

With Sqreen, you get real-time visibility on the attacks that target your application. You know when your app is under attack or can identify malicious actors and users. You will receive notifications on only the incidents that really matter.

Here is the incident detail of an attack that Sqreen blocked. By leveraging the full application context, Sqreen is able to provide actionable insights about attacks and vulnerabilities. In this case, you can see the full stack trace of the SSRF vulnerability that the attacker tried to exploit. Now you can quickly remediate the vulnerability.

Get started today

Head over to Sqreen and sign up for a free account! Take our interactive onboarding and a demo application for a spin.

Over 800 organizations, from small startups to large enterprises, trust Sqreen to protect their applications.


Eric L. Barnes

Eric is the creator of Laravel News and has been covering Laravel since 2012.
