We talk with Michael Lubas about steps we can take to protect our Phoenix applications from common automated bot attacks. We cover API abuse to send email spam, carding attacks, and credential stuffing. We learn how Michael started paraxial.io which aims to specifically serve the Elixir community and more!
Show Notes online - http://podcast.thinkingelixir.com/93 (http://podcast.thinkingelixir.com/93)
Elixir Community News
- https://erlef.org/blog/eef/election-2022-results (https://erlef.org/blog/eef/election-2022-results) – Erlang Ecosystem Foundation board election voting results
- https://erlef.org/blog/eef/election-2022 (https://erlef.org/blog/eef/election-2022) – Previous election notice and explanations
- https://hexdocs.pm/ex_doc/changelog.html (https://hexdocs.pm/ex_doc/changelog.html) – ExDoc v0.28.3 was released
- https://twitter.com/josevalim/status/1508528099973120004 (https://twitter.com/josevalim/status/1508528099973120004) – Call to help move ExDoc away from webpack to esbuild
- https://twitter.com/dominicletz/status/1506675402059792388 (https://twitter.com/dominicletz/status/1506675402059792388) – iOS app store now has an Elixir application deployed in it!
- https://podcast.thinkingelixir.com/69 (https://podcast.thinkingelixir.com/69) – Previous interview with Dominic Letz about doing Elixir on the desktop and mobile.
- https://www.erlang.org/news/155 (https://www.erlang.org/news/155) – Erlang 25.0 rc-2 was released and requesting feedback
- https://twitter.com/josevalim/status/1507443537851392007 (https://twitter.com/josevalim/status/1507443537851392007) – Jose Valim's experience compiling Elixir from scratch on Apple's new MacStudio M1 Max
- Conference reminders
- https://www.empex.co/mtn (https://www.empex.co/mtn) – Empex MTN in Salt Lake City on May 6
- https://codesync.global/conferences/code-beam-sto-2022/ (https://codesync.global/conferences/code-beam-sto-2022/) – CodeBEAM in Stockholm on May 19-20
- https://www.elixirconf.eu/ (https://www.elixirconf.eu/) – ElixirConf EU in London on June 9-10
- https://elixirconf.com/events (https://elixirconf.com/events) – ElixirConf US in Colorado on August 30-Sep2
- https://github.com/lucasvegi/Elixir-Code-Smells (https://github.com/lucasvegi/Elixir-Code-Smells) – Elixir Code Smells - public project
- https://fly.io/phoenix-files/safe-ecto-migrations/ (https://fly.io/phoenix-files/safe-ecto-migrations/) – Safe Ecto Migrations
- https://twitter.com/TylerAYoung/status/1508413319178297352 (https://twitter.com/TylerAYoung/status/1508413319178297352) – Today I Learned about doctests and importing
Do you have some Elixir news to share? Tell us at @ThinkingElixir (https://twitter.com/ThinkingElixir) or email at show@thinkingelixir.com (mailto:show@thinkingelixir.com)
Discussion Resources
- https://www.paraxial.io/blog/throttle-requests (https://www.paraxial.io/blog/throttle-requests)
- https://github.com/michalmuskala/plug_attack (https://github.com/michalmuskala/plug_attack)
- https://owasp.org/Top10/ (https://owasp.org/Top10/)
- https://github.com/magento/magento2/issues/28614 (https://github.com/magento/magento2/issues/28614) – What is a carding attack?
- https://owasp.org/www-project-automated-threats-to-web-applications/ (https://owasp.org/www-project-automated-threats-to-web-applications/)
- http://paraxial.io/ (http://paraxial.io/)
- https://frame.io/ (https://frame.io/)
- https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx (https://news.adobe.com/news/news-details/2021/Adobe-Completes-Acquisition-of-Frame.io/default.aspx)
- https://www.metasploit.com/ (https://www.metasploit.com/)
- https://www.crunchbase.com/ (https://www.crunchbase.com/)
- https://owasp.org/www-community/attacks/Credential_stuffing (https://owasp.org/www-community/attacks/Credential_stuffing)
- https://en.wikipedia.org/wiki/Webapplicationfirewall (https://en.wikipedia.org/wiki/Web_application_firewall)
Guest Information
- https://twitter.com/paraxialio