<div dir="ltr"><div>from the OWASP list some of the high level tasks you will need to do:</div><div><br></div><div><br></div><div><br></div><div>setting proper response headers ( cross origin, strict https, etc)</div><div>input validation ( for cross site scripting)</div><div>file upload scanning for viruses, etc</div><div>securing authentication ( appropriate token policies, account lock against brute force attacks)</div><div>update configs to remove server details from exposed via headers ( e.g. server:cowboy)<br></div><div><br></div><div><br></div><div>you can run a vulnerability scan using tools like burp, zap to scan for holes in your web app</div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Oct 7, 2017 at 1:27 PM, Leandro David Cacciagioni <span dir="ltr"><<a href="mailto:leandro.21.2008@gmail.com" target="_blank">leandro.21.2008@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="auto"></div><div class="gmail_extra">Hi Lloyd,</div><div class="gmail_extra"><br></div><div class="gmail_extra">I would say that for any web app (Not only in erlang) you must start at least for securing the issues named in the OWASP 10 (<a href="https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project" target="_blank">https://www.owasp.org/index.<wbr>php/Category:OWASP_Top_Ten_<wbr>Project</a>) that will gonna give you a good coverage for the most basic and common sec issues in the world wide web of today.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Thanks,</div><div class="gmail_extra">Leandro.-</div><div><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Oct 7, 2017 09:02, "Lloyd R. Prentice" <<a href="mailto:lloyd@writersglen.com" target="_blank">lloyd@writersglen.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello,<br>
<br>
When I put an Erlang web application on line, what security issues do I need to address and what are recommended best practices to address them?<br>
<br>
Thanks,<br>
<br>
LRP<br>
<br>
Sent from my iPad<br>
______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/list<wbr>info/erlang-questions</a><br>
</blockquote></div></div>
</div></div></div>
<br>______________________________<wbr>_________________<br>
erlang-questions mailing list<br>
<a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" rel="noreferrer" target="_blank">http://erlang.org/mailman/<wbr>listinfo/erlang-questions</a><br>
<br></blockquote></div><br></div>