[erlang-questions] Erlang web applications + security
Mon Oct 9 18:47:55 CEST 2017
This is really helpful.
These seem like tasks that invite "re-inventing the wheel" redundant effort. Anyone aware of scripts, Ansible playbooks, step-by-step checklists, etc. to help make the process more efficient and secure?
From: "Yu-ri Gordon" <yuri.cho@REDACTED>
Sent: Monday, October 9, 2017 12:30pm
To: "Leandro David Cacciagioni" <leandro.21.2008@REDACTED>
Cc: "Lloyd R. Prentice" <lloyd@REDACTED>, erlang-questions@REDACTED
Subject: Re: [erlang-questions] Erlang web applications + security
From the OWASP list, some of the high-level tasks you will need to do:
- setting proper response headers (cross origin, strict https, etc.)
- input validation (for cross-site scripting)
- file upload scanning for viruses, etc.
- securing authentication (appropriate token policies, account lock against brute force attacks)
- update configs to remove server details from being exposed via headers (e.g.
- you can run a vulnerability scan using tools like burp, zap to scan for holes in your web app
On Sat, Oct 7, 2017 at 1:27 PM, Leandro David Cacciagioni <
> Hi Lloyd,
> I would say that for any web app (not only in Erlang) you must start at
> least by securing the issues named in the OWASP 10 (
> https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) that will
> give you good coverage for the most basic and common sec issues in
> the world wide web of today.
> On Oct 7, 2017 09:02, "Lloyd R. Prentice" <lloyd@REDACTED> wrote:
>> When I put an Erlang web application on line, what security issues do I
>> need to address and what are recommended best practices to address them?
>> Sent from my iPad
>> erlang-questions mailing list
> erlang-questions mailing list
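
An added example, not part of the thread or any poster's code: one way to check the response-header items from the list above (hardening headers, cross-origin policy, server details exposed via headers) in Erlang. The module name `header_audit`, the required-header policy and the sample headers are assumptions; `string:lowercase/1` and `string:trim/1` need OTP 20 or later.

```erlang
-module(header_audit).
-export([audit/1, demo/0]).

%% Hardening headers every response is expected to carry (assumed policy;
%% adjust the list to your own application).
-define(REQUIRED, [<<"strict-transport-security">>,
                   <<"content-security-policy">>,
                   <<"x-content-type-options">>,
                   <<"x-frame-options">>]).

%% Headers that commonly disclose server or framework details.
-define(LEAKY, [<<"server">>, <<"x-powered-by">>]).

%% audit(Headers) -> [Finding]
%% Headers is a list of {Name, Value} binaries, the shape in which most
%% Erlang web servers expose response headers. Names are compared
%% case-insensitively. An empty result means no finding.
-spec audit([{binary(), binary()}]) -> [tuple()].
audit(Headers) ->
    Norm = [{string:lowercase(N), V} || {N, V} <- Headers],
    %% Required hardening headers that are absent from the response.
    Missing = [{missing, N} || N <- ?REQUIRED,
                               not lists:keymember(N, 1, Norm)],
    %% Headers that reveal server software or version.
    Leaks = [{discloses_server_detail, N, V} || {N, V} <- Norm,
                                                lists:member(N, ?LEAKY)],
    %% A wildcard cross-origin policy allows any site to read responses.
    Cors = [{wildcard_cors, V}
            || {<<"access-control-allow-origin">>, V} <- Norm,
               string:trim(V) =:= <<"*">>],
    Missing ++ Leaks ++ Cors.

%% Constructed sample response headers (not captured from a real server).
demo() ->
    audit([{<<"Server">>, <<"ExampleServer/1.0">>},
           {<<"Content-Type">>, <<"text/html">>},
           {<<"X-Content-Type-Options">>, <<"nosniff">>},
           {<<"Access-Control-Allow-Origin">>, <<"*">>}]).
```

Calling `header_audit:audit/1` from a test against the headers of each route makes a missing or leaking header fail the build rather than surface in a later scan.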