Elixir Mix

Elixir Mix is a weekly show focused on the Elixir programming community. Our panel discusses topics around functional programming, the Elixir ecosystem, and building real world apps with Elixir based tools and frameworks.

https://devchat.tv/elixir-mix

subscribe
share



 

EMx 056: Sobelow and Security with Griffin Byatt


Sponsors

  • Sentry use the code “devchat” for 2 months free on Sentry small plan
  • Triplebyte offers a $1000 signing bonus
  • CacheFly
Panel
  • Mark Ericksen
  • Josh Adams
Joined by Special Guest: Griffin ByattSummaryGriffin Byatt shares his background and what he is doing now as a security consultant for NCC Group. The panel discusses his security library, Sobelow, and their experiences using it. Griffin explains how it works, how it came into being and the goal of Sobelow. The panel wonders who contributes to Sobelow and Griffin invites anyone to contribute. Vulnerabilities that are commonly seen across all frameworks and those specific to Elixir are discussed. Elixir’s security features are considered and Griffin shares his experiences working to improve the ecosystem. Griffin gives advice and recommends resources to developers.Links
  • Substitute Teacher - Key & Peele
  • https://www.nccgroup.trust/us/
  • https://brakemanscanner.org/
  • https://github.com/nccgroup/sobelow
  • https://github.com/nccgroup/sobelow/blob/master/lib/sobelow/traversal/file_module.ex
  • https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
  • ElixirConf 2017 - Plugging the Security Holes in Your Phoenix Application - Griffin Byatt
  • https://github.com/ueberauth/guardian
  • https://oauth.net/
  • https://github.com/riverrun/phauxth
  • https://github.com/riverrun/comeonin
  • https://www.owasp.org/
  • https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  • The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
  • https://griffinbyatt.com/
  • https://twitter.com/griffinbyatt
  • https://twitter.com/elixir_mix
  • https://www.facebook.com/Elixir-Mix
PicksMark Ericksen:
  • https://stedolan.github.io/jq
  • https://github.com/elixir-lang/elixir/releases
Josh Adams:
  • https://librem.one/
  • https://puri.sm/products/librem-5/
Griffin Byatt:
  • https://www.freehaven.net/anonbib/
  • https://www.nccgroup.trust/us/our-research/assessing-unikernel-security/?research=Whitepapers
  •  


share





 2019-06-18  46m