Every new language or framework needs time to prove itself in production, for its early adopter to try, fail, iterate, and document what they have learned. Elixir and Phoenix can leverage the 30 years head-start of the underlying Erlang platform, but for newcomers to the platform it is not always easy to find and apply Erlang best practices. This talk explores some specific security-related aspects of Elixir, Phoenix and the Erlang VM, through practical demonstrations and use-cases. Topics covered include: use of Erlang's 'ssl' module, distributed Erlang, and VM hardening against DoS attacks.
The purpose of this talk is to make people familiar with some of the Erlang/Elixir specific security considerations. It is focussed on those things that may surprise people coming to Elixir from other languages, and therefore skims over common attack patterns (XSS, CSRF, SQLI, etc.) and their mitigations.
Anyone planning to deploy an Elixir application, with or without experience in deployment/security using other languages/platforms.
Architect and Security Advocate, Elixir user since 2012 and occasional blogger on Erlang/Elixir security topics at https://blog.voltone.net/. Drawing on 20 years of experience delivering hardware and software to tier-1 telcos around the world, meeting their stringent security and reliability requirements. Dutch expat currently living in Tel Aviv, Israel with wife, 2 kids and no pets.