[erlang-questions] Erlang web applications + security

Yu-ri Gordon
Mon Oct 9 18:30:09 CEST 2017


From the OWASP list, some of the high-level tasks you will need to do:

setting proper response headers (cross origin, strict https, etc.)
input validation (for cross-site scripting)
file upload scanning for viruses, etc.
securing authentication (appropriate token policies, account lock against brute force attacks)
update configs to remove server details exposed via headers (e.g. server:cowboy)

You can run a vulnerability scan using tools like Burp or ZAP to scan for
holes in your web app.





On Sat, Oct 7, 2017 at 1:27 PM, Leandro David Cacciagioni wrote:

> Hi Lloyd,
>
> I would say that for any web app (not only in Erlang) you must start at
> least by securing the issues named in the OWASP 10 (
> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project); that will
> give you good coverage of the most basic and common sec issues on
> the world wide web of today.
>
> Thanks,
> Leandro.-
>
> On Oct 7, 2017 09:02, "Lloyd R. Prentice" wrote:
>
>> Hello,
>>
>> When I put an Erlang web application on line, what security issues do I
>> need to address and what are recommended best practices to address them?
>>
>> Thanks,
>>
>> LRP
>>
>> _______________________________________________
>> erlang-questions mailing list
>> 
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>
>
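
An added example, not part of the thread and not code from any of its posters: a Cowboy 2.x middleware covering the response-header items listed above (strict HTTPS, a cross-origin allowlist, replacing the default `server: Cowboy` value). The module name, the header values and the allowed origin are placeholders chosen for illustration.

```erlang
%% Added example, not code from the thread. Assumes Cowboy 2.x.
%% Module name, header values and the origin allowlist are placeholders.
-module(security_headers_mw).
-behaviour(cowboy_middleware).
-export([execute/2, cors_headers/2]).

-define(ALLOWED_ORIGINS, [<<"https://app.example.com">>]).

%% Called for every request once the module is listed in the
%% `middlewares` protocol option of the listener.
execute(Req0, Env) ->
    Origin = cowboy_req:header(<<"origin">>, Req0),
    Headers = maps:merge(base_headers(),
                         cors_headers(Origin, ?ALLOWED_ORIGINS)),
    {ok, cowboy_req:set_resp_headers(Headers, Req0), Env}.

base_headers() ->
    #{%% Only meaningful on a TLS listener; browsers ignore it over HTTP.
      <<"strict-transport-security">> =>
          <<"max-age=31536000; includeSubDomains">>,
      <<"x-content-type-options">> => <<"nosniff">>,
      <<"x-frame-options">> => <<"DENY">>,
      <<"content-security-policy">> => <<"default-src 'self'">>,
      %% Replaces the default "server: Cowboy" value with a generic one.
      <<"server">> => <<"web">>}.

%% Echo the Origin back only when it is on the allowlist. Requests
%% without an Origin header, or from an unlisted origin, get no CORS
%% headers at all, so the browser's same-origin policy stays in force.
cors_headers(undefined, _Allowed) ->
    #{};
cors_headers(Origin, Allowed) ->
    case lists:member(Origin, Allowed) of
        true ->
            #{<<"access-control-allow-origin">> => Origin,
              <<"vary">> => <<"origin">>};
        false ->
            #{}
    end.
```

List the module first in the listener's protocol options, `middlewares => [security_headers_mw, cowboy_router, cowboy_handler]`, so that replies generated by the router (such as a 404) carry the headers as well. Headers a handler passes to its own reply take precedence over these defaults.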