Laravel or pure php?

Using a framework does not secure your code magically. You still have to protect it.

you can see your web app as a house with many doors. with pure PHP, you will have to build your doors before using them. On the other side, Laravel (or any framework) comes with built-in doors but if you don't use them, your app will not be secured.

Example of protections simplified with Laravel

  • CSRF protection https://laravel.com/docs/5.3/csrf
  • SQL injections using Eloquent https://laravel.com/docs/5.3/eloquent
  • Form validation https://laravel.com/docs/5.3/validation

All protections listed above can be done with pure PHP but you will have to write a lot of code.