Talk 43:00

Securing Elixir Applications

Every new language or framework needs time to prove itself in production, for its early adopters to try, fail, iterate, and document what they have learned. Elixir and Phoenix can leverage the 30-year head start of the underlying Erlang platform, but for newcomers to the platform it is not always easy to find and apply Erlang best practices. This talk explores some specific security-related aspects of Elixir, Phoenix and the Erlang VM through practical demonstrations and use cases. Topics covered include use of Erlang's 'ssl' module, distributed Erlang, and VM hardening against DoS attacks.

Talk objectives: The purpose of this talk is to familiarize people with some of the Erlang/Elixir-specific security considerations. It focuses on the things that may surprise people coming to Elixir from other languages, and therefore skims over common attack patterns (XSS, CSRF, SQLi, etc.) and their mitigations.

Target audience: Anyone planning to deploy an Elixir application, with or without experience in deployment/security using other languages/platforms.