Every new language or framework needs time to prove itself in production, for its early adopter to try, fail, iterate, and document what they have learned. Elixir and Phoenix can leverage the 30 years head-start of the underlying Erlang platform, but for newcomers to the platform it is not always easy to find and apply Erlang best practices. This talk explores some specific security-related aspects of Elixir, Phoenix and the Erlang VM, through practical demonstrations and use-cases. Topics covered include: use of Erlang's 'ssl' module, distributed Erlang, and VM hardening against DoS attacks.
The purpose of this talk is to make people familiar with some of the Erlang/Elixir specific security considerations. It is focussed on those things that may surprise people coming to Elixir from other languages, and therefore skims over common attack patterns (XSS, CSRF, SQLI, etc.) and their mitigations.
Anyone planning to deploy an Elixir application, with or without experience in deployment/security using other languages/platforms.
Bram is a system architect and security advocate at Cisco Systems. His work focusses on massively concurrent back-end systems for IoT/IoE applications, preferably built using Erlang/Elixir, as well as PKI-based security solutions for such environments. He has previously built/designed API servers using Ruby on Rails, as well as VoIP soft switches in Java.