
By Logan Fox

Enhancing User Security for Laravel Applications

Imagine a situation where a malicious user gets ahold of someone’s login information.

The user has no way of knowing their account has been infiltrated. Once compromised, any information can be changed on the account right under the user’s nose.

Before they know it, they are logged out of their own account with no way to get back in. Blindsided by an attacker, their world is upended! Whew!

Okay, maybe that’s a bit extreme. Nonetheless, this scenario describes a real security risk: the account owner has no signal that anything is wrong. Your users want to know they can trust you to protect their information, and providing that protection is a great way to earn their trust.

Solution

We at Zaengle take software security very seriously. That’s why we’ve built a fully customizable Laravel security package that allows you to track potential security breaches on a user’s account and notify them instantly. This package offers the ability to keep track of IP addresses used by an account and monitor secure fields for changes.

Security Detection

This project was born during a review of the NIST (National Institute of Standards and Technology) CyberSecurity Framework. The CyberSecurity Framework consists of five functions. While a full explanation of these five functions is beyond the scope of this article, our package falls into the “detect” function. I will provide a brief explanation of the “detect” function here. For a full understanding, please read Josh Liebster’s article.

There are a couple of steps to the “Detect” function:

  1. First is anomaly and event detection. In our package, we do this by monitoring a defined set of fields for all changes. We also monitor each IP address that logs into our system.
  2. Once an anomaly or suspicious event is detected, it is important to record it in enough detail to support later investigation. In our package, we store a database record for each IP address used to log into the system. This allows us to quickly see all IP addresses associated with a given account as well as location information.
  3. Finally, we need to alert the user to suspicious activity. Our package does this by sending an email notification for two events. The first is sent when a new IP address is used to log in to an account. The user will receive an email with detailed information about the IP address, such as its location and time of login. The second email is sent when any of the defined secure fields are updated. The user will receive an email message with a list of all updated fields.
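As an added illustration (not the Zaengle package's own code), here is how those three steps map onto stock Laravel hooks: a listener on the framework's `Login` event handles unseen IP addresses, and an Eloquent observer handles changes to secure fields. The `UserLoginIp` model, the two notification classes, the secure-field list and the `user_agent` column are all assumptions for this example.

```php
<?php
// Added illustration, not the Zaengle package's code. Both classes share one
// namespace here for brevity; model, table and notification classes are assumed.
namespace App\Listeners;

use App\Models\User;
use App\Models\UserLoginIp;
use App\Notifications\NewIpLoginNotification;
use App\Notifications\SecureFieldsChangedNotification;
use Illuminate\Auth\Events\Login;

class TrackLoginIp
{
    // Steps 1-3 for logins: detect an unseen address, record it, alert the user.
    public function handle(Login $event): void
    {
        $user = $event->user;
        $ip   = request()->ip();
        $known = UserLoginIp::where('user_id', $user->getAuthIdentifier())
            ->where('ip_address', $ip)
            ->exists();
        if ($known) {
            return;
        }
        // Persist one row per (account, address) so every IP ever used is auditable.
        UserLoginIp::create([
            'user_id'    => $user->getAuthIdentifier(),
            'ip_address' => $ip,
            'user_agent' => request()->userAgent(),
        ]);
        $user->notify(new NewIpLoginNotification($ip, now()));
    }
}

class SecureFieldObserver
{
    // Assumed set of fields whose modification the account owner must hear about.
    private array $secureFields = ['email', 'password', 'phone'];

    // Eloquent "updated" hook: runs after the save, when getChanges() lists
    // exactly the attributes that were persisted in this write.
    public function updated(User $user): void
    {
        $changed = array_intersect($this->secureFields, array_keys($user->getChanges()));
        if ($changed !== []) {
            $user->notify(new SecureFieldsChangedNotification(array_values($changed)));
        }
    }
}
```

Register `TrackLoginIp` against `Illuminate\Auth\Events\Login` in the `EventServiceProvider` and attach the observer with `User::observe(SecureFieldObserver::class)`. Behind a load balancer or reverse proxy, `request()->ip()` only reports the real client address once the proxy is listed in the `TrustProxies` middleware.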

Conclusion

This package is just one of the many tools we use as part of our Detection solution for the NIST CyberSecurity Framework. It seeks to establish a solid security detection strategy, providing peace of mind for end users. The package is fully customizable and configurable, so you can modify it to meet your specific needs. Find the package on GitHub for detailed documentation and installation instructions.


Engineer

Logan enjoys solving complex problems with simple solutions and is always up for a challenge.