
Coding a web application in Elixir with the Phoenix framework gives you an incredibly solid base. The security problems that do occur are preventable if you know what to watch out for. The list below is based on my own professional experience pentesting Elixir applications and building a company to help developers with security. My goal is to help you avoid a data breach due to your project being hacked; each line item was selected with that consideration in mind.
The full list, ranked in order of priority:
- Maintain an inventory of all your public facing applications
- Run static analysis scans with Sobelow regularly, in CI/CD if possible
- Detect vulnerable dependencies with MixAudit (NOT Dependabot), in CI/CD if possible
- Check the ports and SSH settings on your web server
- Ensure your database server is not exposed to the public internet
- Check for server-side request forgery (SSRF), and use the safeURL library if needed
- Be wary of using ImageMagick, Ghostscript, and FFmpeg on user uploads
- Rate limit authentication and payment endpoints
- Scan your code base for secrets
- Check for sequential IDs and access control violations
- Check for mass assignment in Ecto
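The SSRF item above, as an added example that is not part of the original post and is not the safeURL library's API: a hand-rolled check in plain Elixir (the `MyApp.OutboundURL` module name is assumed) that resolves the host of a user-supplied URL and rejects anything that lands in non-public address space. The address ranges are illustrative rather than exhaustive.

```elixir
defmodule MyApp.OutboundURL do
  # Added example, not code from the original post and not the safeURL API.
  # Rejects URLs whose host resolves to loopback, private, link-local (which
  # includes the 169.254.169.254 cloud metadata endpoint), CGNAT, multicast or
  # reserved address space. The ranges below are illustrative, not exhaustive.

  @spec validate(String.t()) :: :ok | {:error, :restricted}
  def validate(url) when is_binary(url) do
    with %URI{scheme: s, host: h} when s in ["http", "https"] and h not in [nil, ""] <-
           URI.parse(url),
         {:ok, addrs} when addrs != [] <- resolve(h),
         true <- Enum.all?(addrs, &public?/1) do
      :ok
    else
      _ -> {:error, :restricted}
    end
  end

  # Resolve both address families; an IP literal resolves to itself. Every
  # returned address must pass, otherwise a name with one public and one
  # internal record would slip through.
  defp resolve(host) do
    name = String.to_charlist(host)

    addrs =
      for family <- [:inet, :inet6],
          {:ok, list} <- [:inet.getaddrs(name, family)],
          addr <- list,
          do: addr

    {:ok, addrs}
  end

  # IPv4: 0/8, 10/8, 127/8, 100.64/10, 169.254/16, 172.16/12, 192.168/16,
  # 224/4 multicast and 240/4 reserved are all treated as non-public.
  defp public?({a, _, _, _}) when a in [0, 10, 127] or a >= 224, do: false
  defp public?({100, b, _, _}) when b in 64..127, do: false
  defp public?({169, 254, _, _}), do: false
  defp public?({172, b, _, _}) when b in 16..31, do: false
  defp public?({192, 168, _, _}), do: false
  defp public?({_, _, _, _}), do: true

  # IPv6: unspecified, loopback, IPv4-mapped (::ffff:a.b.c.d, re-checked as
  # IPv4), unique-local fc00::/7, link-local fe80::/10 and multicast ff00::/8.
  defp public?({0, 0, 0, 0, 0, 0, 0, 0}), do: false
  defp public?({0, 0, 0, 0, 0, 0, 0, 1}), do: false

  defp public?({0, 0, 0, 0, 0, 0xFFFF, hi, lo}),
    do: public?({div(hi, 256), rem(hi, 256), div(lo, 256), rem(lo, 256)})

  defp public?({a, _, _, _, _, _, _, _}) when a in 0xFC00..0xFDFF, do: false
  defp public?({a, _, _, _, _, _, _, _}) when a in 0xFE80..0xFEBF, do: false
  defp public?({a, _, _, _, _, _, _, _}) when a >= 0xFF00, do: false
  defp public?({_, _, _, _, _, _, _, _}), do: true
end
```

Two caveats a check like this cannot cover on its own: the HTTP client will resolve the name again when it connects, so a DNS record that changes between the two lookups (rebinding) bypasses it unless you connect to the address you validated and send the hostname in the Host header; and a public server can redirect to an internal address, so disable automatic redirects and re-validate every Location the client would follow. The safeURL library the post recommends handles both, which is the reason to prefer it over rolling your own.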
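The rate-limiting item above, as an added example that is not part of the original post: a fixed-window counter owned by a supervised process plus a Plug that returns 429 once a client exceeds the limit for a route. Module names, the 60-second window and the limits in the router comment are all assumed.

```elixir
defmodule MyApp.RateLimiter do
  # Added example, not code from the original post. Owns a public ETS table of
  # per-key counters; start it under the application supervisor so the table
  # outlives any single request process. ETS is per node, so on a multi-node
  # deployment every node enforces the limit independently.
  use GenServer

  @table __MODULE__
  @window_ms 60_000
  @sweep_ms 60_000

  def start_link(_opts), do: GenServer.start_link(__MODULE__, [], name: __MODULE__)

  @impl true
  def init(_) do
    :ets.new(@table, [:named_table, :public, :set, write_concurrency: true])
    Process.send_after(self(), :sweep, @sweep_ms)
    {:ok, %{}}
  end

  # Count one hit for `key` in the current window. Returns {:ok, count} while
  # under the limit and {:error, :rate_limited} once it is exceeded.
  def hit(key, limit, now_ms \\ System.system_time(:millisecond)) do
    window = div(now_ms, @window_ms)
    count = :ets.update_counter(@table, {key, window}, {2, 1}, {{key, window}, 0})
    if count > limit, do: {:error, :rate_limited}, else: {:ok, count}
  end

  @impl true
  def handle_info(:sweep, state) do
    current = div(System.system_time(:millisecond), @window_ms)
    # Delete every {{key, window}, count} row whose window has already closed.
    :ets.select_delete(@table, [{{{:_, :"$1"}, :_}, [{:<, :"$1", current}], [true]}])
    Process.send_after(self(), :sweep, @sweep_ms)
    {:noreply, state}
  end
end

defmodule MyAppWeb.Plugs.RateLimit do
  # Added example. Usage in the router (assumed limits):
  #
  #   pipeline :throttled do
  #     plug MyAppWeb.Plugs.RateLimit, limit: 10
  #   end
  #
  # and put the login, password-reset and checkout routes in that pipeline.
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: Keyword.fetch!(opts, :limit)

  @impl true
  def call(conn, limit) do
    # Key on route plus client address. Behind a proxy or load balancer,
    # conn.remote_ip must first be set from a trusted forwarded header,
    # otherwise every client shares the proxy's address.
    key = {conn.request_path, conn.remote_ip}

    case MyApp.RateLimiter.hit(key, limit) do
      {:ok, _count} ->
        conn

      {:error, :rate_limited} ->
        conn
        |> put_resp_header("retry-after", "60")
        |> send_resp(429, "Too Many Requests")
        |> halt()
    end
  end
end
```

Add `MyApp.RateLimiter` to the application's supervision children before the endpoint. For a login endpoint, keying on the client address alone stops one host spraying many accounts but not a distributed attack on one account, so a second counter keyed on the submitted account identifier is worth adding in the same plug.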
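The sequential-ID and access-control item above, as an added example that is not part of the original post: a context function that fetches a record by ID with no ownership check beside one that scopes the query to the caller, and a schema using random IDs. The `Invoice` schema, `MyApp.Invoices` context, controller and the `current_user` assign are all assumed names.

```elixir
defmodule MyApp.Invoices.Invoice do
  # Added example, not code from the original post.
  use Ecto.Schema

  # Random UUIDs instead of sequential integers, so an attacker can no longer
  # walk /invoices/1, /invoices/2, ... The migration must then create the
  # table with `primary_key: false` and `add :id, :binary_id, primary_key: true`.
  @primary_key {:id, :binary_id, autogenerate: true}
  schema "invoices" do
    field :amount_cents, :integer
    belongs_to :user, MyApp.Accounts.User
    timestamps()
  end
end

defmodule MyApp.Invoices do
  import Ecto.Query, only: [from: 2]
  alias MyApp.Repo
  alias MyApp.Invoices.Invoice

  # VULNERABLE: any logged-in user who knows or guesses an id reads the row.
  # Random IDs make guessing harder but do not fix this.
  def get_invoice!(id), do: Repo.get!(Invoice, id)

  # HARDENED: the caller's identity is part of the query, so a row owned by
  # someone else is indistinguishable from a missing one. Repo.one! raises
  # Ecto.NoResultsError, which Phoenix renders as a 404 in both cases.
  def get_invoice!(%{id: user_id}, id) do
    Repo.one!(from i in Invoice, where: i.id == ^id and i.user_id == ^user_id)
  end

  # Listing is scoped the same way; there is never a "list everything" path
  # reachable from a user-facing controller.
  def list_invoices(%{id: user_id}) do
    Repo.all(from i in Invoice, where: i.user_id == ^user_id, order_by: [desc: i.inserted_at])
  end
end

defmodule MyAppWeb.InvoiceController do
  use MyAppWeb, :controller

  # `conn.assigns.current_user` is assumed to be set by an authentication plug
  # earlier in the pipeline (for example the one `mix phx.gen.auth` creates).
  def show(conn, %{"id" => id}) do
    invoice = MyApp.Invoices.get_invoice!(conn.assigns.current_user, id)
    render(conn, :show, invoice: invoice)
  end

  def index(conn, _params) do
    render(conn, :index, invoices: MyApp.Invoices.list_invoices(conn.assigns.current_user))
  end
end
```

The pattern worth copying is that the context function takes the user as its first argument and cannot be called without one; an access-control bug then shows up as a compile-time or immediate runtime failure rather than as another user's data. Pentesting for this is mechanical: log in as two users, take an ID from one session, and request it from the other.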
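The Ecto mass-assignment item above, as an added example that is not part of the original post: the changeset pattern that lets a client set any column, beside one with a fixed allowlist. The `User` schema, its fields and the privileged `role` column are assumed for illustration.

```elixir
defmodule MyApp.Accounts.User do
  # Added example, not code from the original post. The schema, field names
  # and the privileged `role` column are assumed for illustration.
  use Ecto.Schema
  import Ecto.Changeset

  schema "users" do
    field :email, :string
    field :name, :string
    field :role, :string, default: "member"
    timestamps()
  end

  # VULNERABLE: the permitted list is built from whatever keys the request
  # sent (Phoenix params are string-keyed), so a body of
  # %{"email" => "...", "role" => "admin"} promotes the account.
  # String.to_atom/1 on attacker-chosen keys also lets a client grow the
  # atom table without bound, and an unknown key makes cast/3 raise.
  def vulnerable_changeset(user, attrs) do
    user
    |> cast(attrs, Enum.map(Map.keys(attrs), &String.to_atom/1))
    |> validate_required([:email])
  end

  # HARDENED: a fixed allowlist of the fields a user may set about themselves.
  # cast/3 ignores any key not in the list, so a `role` key in the params
  # never reaches the changeset.
  @self_service_fields [:email, :name]
  def registration_changeset(user, attrs) do
    user
    |> cast(attrs, @self_service_fields)
    |> validate_required([:email])
    |> validate_format(:email, ~r/@/)
    |> validate_length(:email, max: 160)
    |> unique_constraint(:email)
  end

  # Role changes go through a separate function that takes the new role as a
  # plain argument rather than a params map, and is only called from admin
  # code paths.
  @roles ["member", "admin"]
  def role_changeset(user, role) when role in @roles do
    change(user, role: role)
  end
end
```

The check during a review is to grep every `cast(` call for a permitted list that is computed rather than literal, and for literal lists that include columns such as `role`, `admin`, `confirmed_at`, `balance` or a foreign key that the current user should not be able to choose.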
continue reading on paraxial.io