Enlightn

Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security and reliability!

The Enlightn OSS (open source software) version has dozen of automated checks that scan your application code, web server configurations and routes to identify performance bottlenecks, possible security vulnerabilities and code reliability issues.

Some performance checks:
- Performance Quick Wins (In-Built In Laravel): Route caching, config caching, etc.
- Performance Bottleneck Identification: Middleware bloat, identification of slow, duplicate and N+1 queries, etc.
- Serving Assets: Minification, cache headers, CDN and compression headers.
- Infrastructure Tuning: Opcache, cache hit ratio, unix sockets for single server setups, etc.
- Choosing The Right Driver: Choosing the right session, queue and cache drivers for your app.
- Good Practices: Separate Redis databases for locks, dont install dev dependencies in production, etc.

Some security checks:
- Basic Security: Turn off app debug in production, app key, CSRF protection, login throttling, hash strength, etc.
- Cookie Security and Session Management: Cookie encryption, secure cookie attributes, session timeouts, etc.
- ass Assignment: Detection of mass assignment vulnerabilities, unguarded models, etc.
- SQL Injection Attacks: Detection of raw SQL injection, column name SQL injection, validation rule injection, etc.
- Security Headers: XSS, HSTS, clickjacking and MIME protection headers.
- Unrestricted File Uploads and DOS Attacks: Detection of directory traversal, storage DOS, unrestricted file uploads, etc.
- Injection and Phishing Attacks: Detection of command injection, host injection, object injection, open redirection, etc.
- Dependency Management: Backend and frontend vulnerability scanning, stable and up-to-date dependency checks, licensing, etc.

Some reliability checks:
- Code Reliability and Bug Detection: Invalid function calls, method calls, offsets, imports, return statements, syntax errors, invalid model relations, etc.
- Health Checks: Health checks for cache, DB, directory permissions, migrations, disk space, symlinks, Redis, etc.
- Detecting Misconfigurations: Cache prefix, queue timeouts, failed job timeouts, Horizon provisioning plans, eviction policy, etc.
- Dead Routes and Dead Code: Detection of dead routes and dead/unreachable code.
- Good Practices: Cache busting, Composer scripts, env variables, avoiding globals and superglobals, etc.