MULTI-LEVEL DATA PROTECTION IN LARAVEL APPLICATIONS
DOI:
https://doi.org/10.28925/2663-4023.2026.32.1075
Keywords:
Laravel; security; optimization; web applications; encryption; API; data protection.
Abstract
With the number of cyber threats growing, data protection in web applications is becoming particularly relevant. Laravel, one of the most widespread PHP frameworks, is used for the development of business applications, educational platforms, and information systems, which necessitates a comprehensive analysis of its security capabilities. The article systematizes the built-in Laravel protection mechanisms, including prevention of SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), as well as basic authentication and authorization tools. Limitations of the standard solutions in high-load environments are identified, which motivates the integration of advanced approaches. A multi-level data protection model for Laravel is developed that combines the built-in mechanisms with advanced solutions: the Argon2 hashing algorithm instead of bcrypt to enhance cryptographic strength; two-factor authentication; access policies and rate limiting to protect APIs; and anomaly detection for requests. The proposed model is formalized through a mathematical description of risks and time costs, which makes it possible to compare the performance of different solutions. Experimental studies were conducted in a test environment using Apache Benchmark and Siege. The results indicate that Argon2 increases the processing time of authentication requests by an average of 12–15% compared to bcrypt, but significantly enhances the level of protection. Rate limiting reduced the risk of brute force attacks by 40%, while access policies significantly decreased the number of unauthorized access attempts.
As a result, it has been proven that the integration of basic and advanced mechanisms forms an optimal model of data protection in Laravel applications, which ensures a balance between performance and security. Further research involves the use of adaptive methods for anomaly detection in traffic and the development of automated tools for assessing the security level of web applications.
License
Copyright (c) 2026 Роман Белоус, Олег Клименков

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.