Every new language or framework needs time to prove itself in production, for its early adopter to try, fail, iterate, and document what they have learned. Elixir and Phoenix can leverage the 30 years head-start of the underlying Erlang platform, but for newcomers to the platform it is not always easy to find and apply Erlang best practices. This talk explores some specific security-related aspects of Elixir, Phoenix and the Erlang VM, through practical demonstrations and use-cases. Topics covered include: use of Erlang's 'ssl' module, distributed Erlang, and VM hardening against DoS attacks.
The purpose of this talk is to make people familiar with some of the Erlang/Elixir specific security considerations. It is focussed on those things that may surprise people coming to Elixir from other languages, and therefore skims over common attack patterns (XSS, CSRF, SQLI, etc.) and their mitigations.
Anyone planning to deploy an Elixir application, with or without experience in deployment/security using other languages/platforms.
Bram is an architect and security advocate with more than 20 years experience delivering complex software platforms to tier-1 telcos around the world, meeting their stringent security and reliability requirements. He has been using Erlang, and later Elixir, since 2010. As a security advocate, he has taken an interest in the security aspects of the Erlang/OTP ecosystem. This focus he has also continued as a blogger (at https://blog.voltone.net/), trainer, speaker, and open source contributor. His latest project is the X509 package, available on Hex.