Elixir Security: A Comprehensive Guide by Michael Lubas - Elixir Meetup #18


Explore the insights of Elixir Security with Michael Lubas, the founder of Paraxial.io, as he shares his expertise at Curiosum's Elixir Meetup #18.

Elixir Security: A New Horizon

The Importance of Elixir Security

Michael Lubas opens the talk with a narrative about a bank's web application vulnerability, highlighting the significance of security in Elixir. He explains that, unlike in other languages, the isolated per-process memory of the BEAM prevents data races, making Elixir inherently more secure. This unique feature sets Elixir apart and offers a robust foundation for building secure applications.

Elixir's Security Advantages

Elixir's security benefits are often overlooked. Lubas emphasizes that Elixir's design, together with Hex's well-structured system and the way Ecto encourages writing secure code, makes it more secure than other languages like JavaScript, PHP, or Ruby. He provides examples of how Elixir's architecture minimizes common vulnerabilities, offering a safer development environment.

Understanding Application Security

Lubas explains the difference between desktop client software and application security, focusing on the latter. He illustrates how public-facing web servers need protection against constant attacks, using the Equifax data breach as a high-profile example. He stresses the importance of understanding the specific security needs of web applications and the challenges they face in today's interconnected world.

Tools and Training for Elixir Security

Lubas introduces various resources for learning about Elixir security, including books, guidelines, and tools like Sobelow. He also mentions the Potion Shop project, an open-source Phoenix application designed to demonstrate vulnerabilities. These resources offer developers a hands-on approach to understanding and mitigating security risks in Elixir applications.

Enhancing Elixir Security

Lubas presents Exploit Guard, a runtime application self-protection library for Elixir. He hopes this open-source tool will improve Elixir's adoption in high-security environments. He explains how Exploit Guard can detect and prevent attacks in real time, offering additional protection for Elixir applications.

Common Security Issues in Phoenix Apps

During the Q&A session, Lubas identifies the lack of rate limiting on login pages as a common security issue in Phoenix apps. He emphasizes that this seemingly low-severity problem often leads to significant incidents, such as unauthorized account access or credit card fraud. He urges developers to recognize the importance of implementing proper rate limiting to prevent such attacks.
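One way to add the login rate limiting described above, shown as an added example that is not code from the talk or from any library: a fixed-window limiter in ETS that counts attempts per source IP and per target account. The module name `LoginThrottle`, the limits, and the window length are assumptions chosen for illustration.

```elixir
defmodule LoginThrottle do
  # Added example: hypothetical module, not from the talk or any library.
  # Fixed-window counters in ETS, keyed by source IP and by target account.
  @table :login_throttle
  @window_ms 60_000   # assumed window: 1 minute
  @ip_limit 20        # assumed: attempts per IP per window
  @account_limit 5    # assumed: attempts per account per window

  def init do
    :ets.new(@table, [:named_table, :public, :set, write_concurrency: true])
    :ok
  end

  # Call before verifying the password. Returns :ok or {:error, :rate_limited}.
  def check(ip, email, now_ms \\ System.system_time(:millisecond)) do
    window = div(now_ms, @window_ms)
    ip_hits = bump({:ip, ip, window})
    account_hits = bump({:account, normalize(email), window})

    if ip_hits > @ip_limit or account_hits > @account_limit do
      {:error, :rate_limited}
    else
      :ok
    end
  end

  # Delete counters from windows that have already closed; run periodically.
  def sweep(now_ms \\ System.system_time(:millisecond)) do
    current = div(now_ms, @window_ms)
    spec = [{{{:_, :_, :"$1"}, :_}, [{:<, :"$1", current}], [true]}]
    :ets.select_delete(@table, spec)
  end

  # Atomic increment; inserts {key, 0} first if the key is new.
  defp bump(key), do: :ets.update_counter(@table, key, {2, 1}, {key, 0})

  # "Alice@Example.com " and "alice@example.com" must share one counter.
  defp normalize(email), do: email |> String.trim() |> String.downcase()
end

# Constructed demo: seven attempts on one account within the same window.
LoginThrottle.init()
t0 = 1_700_000_000_000
ip = {203, 0, 113, 7}

for n <- 1..7 do
  IO.inspect({n, LoginThrottle.check(ip, "Alice@example.com", t0 + n)})
end

IO.inspect(LoginThrottle.sweep(t0 + 120_000), label: "swept")
```

In a Phoenix app the `ip` argument would come from `conn.remote_ip`, which is the proxy's address unless the deployment rewrites it from a trusted forwarding header. The ETS table belongs to the process that calls `init/0`, so create it from a long-lived supervised process.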

Conclusion

Michael Lubas's presentation at Curiosum's Elixir Meetup #18 offers valuable insights into the world of Elixir security. From understanding the unique advantages of Elixir to exploring tools, common issues, and innovative solutions, the talk serves as a comprehensive guide for anyone interested in securing their Elixir applications. Lubas's expertise and passion for Elixir security shine through, providing attendees with a rich and informative experience.

Elixir Meetups

Are you interested in diving deeper into Elixir? Join us at the next Elixir Meetup by Curiosum and explore the fascinating world of Elixir with experts and enthusiasts alike. Engage in discussions, learn from real-world experiences, and be part of a thriving community.
