[erlang-questions] Erlang web applications + security

lloyd@REDACTED
Mon Oct 9 18:47:55 CEST 2017


Thanks all,

This is really helpful.

These seem like tasks that invite "re-inventing the wheel" redundant effort. Anyone aware of scripts, Ansible playbooks, step-by-step checklists, etc. to help make the process more efficient and secure?

Lloyd

-----Original Message-----
From: "Yu-ri Gordon" <yuri.cho@REDACTED>
Sent: Monday, October 9, 2017 12:30pm
To: "Leandro David Cacciagioni" <leandro.21.2008@REDACTED>
Cc: "Lloyd R. Prentice" <lloyd@REDACTED>, erlang-questions@REDACTED
Subject: Re: [erlang-questions] Erlang web applications + security

from the OWASP list some of the high level tasks you will need to do:

setting proper response headers ( cross origin, strict https, etc)
input validation ( for cross site scripting)
file upload scanning for viruses, etc
securing authentication ( appropriate token policies, account lock against brute force attacks)
update configs to remove server details from being exposed via headers ( e.g. server:cowboy)

you can run a vulnerability scan using tools like burp, zap to scan for holes in your web app

On Sat, Oct 7, 2017 at 1:27 PM, Leandro David Cacciagioni <
leandro.21.2008@REDACTED> wrote:

> Hi Lloyd,
>
> I would say that for any web app (Not only in erlang) you must start at
> least for securing the issues named in the OWASP 10 (
> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) that will
> gonna give you a good coverage for the most basic and common sec issues in
> the world wide web of today.
>
> Thanks,
> Leandro.-
>
> On Oct 7, 2017 09:02, "Lloyd R. Prentice" <lloyd@REDACTED> wrote:
>
>> Hello,
>>
>> When I put an Erlang web application on line, what security issues do I
>> need to address and what are recommended best practices to address them?
>>
>> Thanks,
>>
>> LRP
>>
>> Sent from my iPad
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions
>>
>
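An added example for the two header items in Yu-ri's list (security response headers, and replacing the "server: cowboy" banner). This is editor-supplied code, not from anyone in the thread and not part of the cowboy project; it assumes cowboy 2.x, a cowboy_router/cowboy_handler middleware chain, that cowboy honours an application-set server header, and placeholder values for the module name, header values, certificate paths and the my_handler module.

```erlang
%% sec_headers_middleware.erl  (hypothetical module name)
%%
%% A cowboy 2.x middleware that queues a fixed set of security response
%% headers on every request and replaces the default "server: Cowboy"
%% banner. It sits between cowboy_router and cowboy_handler, so the
%% headers are already on the Req when the handler calls
%% cowboy_req:reply/4 (headers passed to reply/4 still take precedence).
-module(sec_headers_middleware).
-behaviour(cowboy_middleware).

-export([execute/2]).
-export([start_https/0]).

%% Headers applied to every response. The values are illustrative;
%% the CSP in particular must match what the application really loads.
-define(BASE_HEADERS, #{
    %% Stop browsers from MIME-sniffing the content-type.
    <<"x-content-type-options">> => <<"nosniff">>,
    %% Disallow embedding in frames (clickjacking).
    <<"x-frame-options">> => <<"DENY">>,
    %% Only same-origin content, and no framing by anyone.
    <<"content-security-policy">> =>
        <<"default-src 'self'; frame-ancestors 'none'">>,
    <<"referrer-policy">> => <<"strict-origin-when-cross-origin">>,
    %% Generic value instead of the product banner.
    <<"server">> => <<"web">>
}).

%% HSTS only makes sense on a TLS response, so it is added conditionally.
-define(HSTS, <<"max-age=31536000; includeSubDomains">>).

execute(Req0, Env) ->
    Headers = case cowboy_req:scheme(Req0) of
        <<"https">> ->
            maps:put(<<"strict-transport-security">>, ?HSTS, ?BASE_HEADERS);
        _ ->
            ?BASE_HEADERS
    end,
    %% Header names must be lowercase binaries in cowboy 2.x.
    Req = maps:fold(
        fun(Name, Value, Acc) -> cowboy_req:set_resp_header(Name, Value, Acc) end,
        Req0, Headers),
    {ok, Req, Env}.

%% Listener wiring showing where the middleware goes in the chain.
%% Certificate paths and the my_handler module are placeholders.
start_https() ->
    Dispatch = cowboy_router:compile([
        {'_', [{"/", my_handler, []}]}
    ]),
    cowboy:start_tls(https_listener,
        [{port, 8443},
         {certfile, "/path/to/cert.pem"},
         {keyfile,  "/path/to/key.pem"}],
        #{env => #{dispatch => Dispatch},
          middlewares => [cowboy_router, sec_headers_middleware, cowboy_handler]}).
```

After starting the listener, a plain `curl -sI https://host:8443/` should show the headers above and no "Cowboy" value in the server header; that one-line check is worth keeping in the deployment checklist Lloyd asked about, since a later change to reply/4 headers in a handler can silently override the middleware's values.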




