Erlang web applications + security


Erlang web applications + security

Lloyd R. Prentice-2
Hello,

When I put an Erlang web application on line, what security issues do I need to address and what are recommended best practices to address them?

Thanks,

LRP

Sent from my iPad
_______________________________________________
erlang-questions mailing list
[hidden email]
http://erlang.org/mailman/listinfo/erlang-questions

Re: Erlang web applications + security

Leandro David Cacciagioni
Hi Lloyd,

I would say that for any web app (not only in Erlang) you must start at least by securing the issues named in the OWASP 10 (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project); that is going to give you good coverage of the most basic and common sec issues on the World Wide Web of today.

Thanks,
Leandro.-

On Oct 7, 2017 09:02, "Lloyd R. Prentice" <[hidden email]> wrote:
Hello,

When I put an Erlang web application on line, what security issues do I need to address and what are recommended best practices to address them?

Thanks,

LRP

Sent from my iPad

Re: Erlang web applications + security

Yu-ri Gordon
From the OWASP list, some of the high-level tasks you will need to do:

setting proper response headers (cross-origin, strict HTTPS, etc.)
input validation (for cross-site scripting)
file upload scanning for viruses, etc.
securing authentication (appropriate token policies, account lock against brute-force attacks)
updating configs to remove server details exposed via headers (e.g. server:cowboy)

You can run a vulnerability scan using tools like Burp or ZAP to scan for holes in your web app.

On Sat, Oct 7, 2017 at 1:27 PM, Leandro David Cacciagioni <[hidden email]> wrote:
Hi Lloyd,

I would say that for any web app (not only in Erlang) you must start at least by securing the issues named in the OWASP 10 (https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project); that is going to give you good coverage of the most basic and common sec issues on the World Wide Web of today.

Thanks,
Leandro.-

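Added example, not part of the thread or of any project mentioned in it: a small Python check that audits one response head for three of the items listed above (strict HTTPS, cross-origin policy, server details in headers). The function names, the finding codes, the 180-day HSTS floor and the sample origins are assumptions made for illustration.

```python
import re

MIN_HSTS_SECONDS = 15552000  # assumed policy floor (180 days), not from the thread

def parse_head(raw):
    """Raw HTTP response head -> {lowercased header name: [values]}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                  # blank line ends the head
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit_headers(raw, sent_origin=None, allowed_origins=()):
    """Return sorted finding codes for one HTTPS response head."""
    h, findings = parse_head(raw), set()

    # "strict https": HSTS must be present and long-lived.
    m = re.search(r'max-age\s*=\s*"?(\d+)',
                  " ".join(h.get("strict-transport-security", [])), re.I)
    if m is None:
        findings.add("hsts-missing")
    elif int(m.group(1)) < MIN_HSTS_SECONDS:
        findings.add("hsts-short-max-age")

    # "cross origin": wildcard, or the test Origin echoed back although
    # it is not on the allowlist.
    for origin in h.get("access-control-allow-origin", []):
        if origin == "*":
            findings.add("cors-wildcard")
        elif origin == sent_origin and origin not in allowed_origins:
            findings.add("cors-reflects-untrusted-origin")

    # "server details exposed via headers": any product banner.
    for name in ("server", "x-powered-by"):
        if any(h.get(name, [])):
            findings.add("banner:" + name)
    return sorted(findings)

# Constructed sample responses (not captured from a real server).
WEAK = ("HTTP/1.1 200 OK\r\n"
        "server: Cowboy\r\n"
        "access-control-allow-origin: https://untrusted.example\r\n\r\n")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
            "access-control-allow-origin: https://app.example\r\n\r\n")

if __name__ == "__main__":
    print(audit_headers(WEAK, sent_origin="https://untrusted.example"))
```

Run it against the response heads of your own application, sending an Origin value you know is not on your allowlist as `sent_origin`.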

Re: Erlang web applications + security

Lloyd R. Prentice-2
Thanks all,

This is really helpful.

These seem like tasks that invite "re-inventing the wheel" redundant effort. Anyone aware of scripts, Ansible playbooks, step-by-step checklists, etc. to help make the process more efficient and secure?

Lloyd

-----Original Message-----
From: "Yu-ri Gordon" <[hidden email]>
Sent: Monday, October 9, 2017 12:30pm
To: "Leandro David Cacciagioni" <[hidden email]>
Cc: "Lloyd R. Prentice" <[hidden email]>, [hidden email]
Subject: Re: [erlang-questions] Erlang web applications + security

From the OWASP list, some of the high-level tasks you will need to do:

setting proper response headers (cross-origin, strict HTTPS, etc.)
input validation (for cross-site scripting)
file upload scanning for viruses, etc.
securing authentication (appropriate token policies, account lock against brute-force attacks)
updating configs to remove server details exposed via headers (e.g. server:cowboy)

You can run a vulnerability scan using tools like Burp or ZAP to scan for holes in your web app.
