173: Web App Security Best Practices and Sobelow
Length:
47 minutes
Released:
Oct 17, 2023
Format:
Podcast episode
Description
We delve into the tricky world of cybersecurity with our guest, Michael Lubas. We touch on the widely-discussed 23andMe data breach, discussing what went wrong and how it applies to Elixir apps. A significant part of our talk is centered around the informative guide by the EEF Security Working Group called “Web Application Security Best Practices for BEAM languages.” An essential tool featured in our discussion is Sobelow, a security-focused static code analysis tool invaluable in warding off potential security breaches. We wrap up the conversation by discussing the practical application of these tools, using Paraxial.io's vulnerable-by-design “Potion Shop” app as a case study to run Sobelow and practice fixing issues. Join us for an enlightening discussion packed full of important insights!
Show Notes online - http://podcast.thinkingelixir.com/173
Elixir Community News
- https://github.com/phoenixframework/phoenix_live_view/pull/2845 (https://github.com/phoenixframework/phoenix_live_view/pull/2845?utm_source=thinkingelixir&utm_medium=shownotes) – Information on the upcoming LiveView that speeds up client DOM patching 5x.
- https://twitter.com/chris_mccord/status/1709681327019086044 (https://twitter.com/chris_mccord/status/1709681327019086044?utm_source=thinkingelixir&utm_medium=shownotes) – The post to further explain the upcoming LiveView.
- https://twitter.com/josevalim/status/1709841186972705033 (https://twitter.com/josevalim/status/1709841186972705033?utm_source=thinkingelixir&utm_medium=shownotes) – José Valim's clarification on how LiveView's 5x DOM patching works.
- https://twitter.com/wojtekmach/status/1709675064944144605 (https://twitter.com/wojtekmach/status/1709675064944144605?utm_source=thinkingelixir&utm_medium=shownotes) – Teaser about a cool new Req feature by Wojtek Mach.
- https://twitter.com/wojtekmach/status/1710053454217887970 (https://twitter.com/wojtekmach/status/1710053454217887970?utm_source=thinkingelixir&utm_medium=shownotes) – Release note for Req v0.3.12 and v0.4.4 and encouragement to upgrade.
- https://twitter.com/Tangui/status/1709645048906748378 (https://twitter.com/Tangui/status/1709645048906748378?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement of a new HTTP Caching library called http_cache.
- http://svground.fr/blog/posts/introducing-http-cache/ (http://svground.fr/blog/posts/introducing-http-cache/?utm_source=thinkingelixir&utm_medium=shownotes) – Blog post that accompanies the release of the new HTTP Caching library.
- https://github.com/tanguilp/plug_http_cache (https://github.com/tanguilp/plug_http_cache?utm_source=thinkingelixir&utm_medium=shownotes) – plug_http_cache - An Elixir plug that caches HTTP responses.
- https://github.com/tanguilp/tesla_http_cache (https://github.com/tanguilp/tesla_http_cache?utm_source=thinkingelixir&utm_medium=shownotes) – tesla_http_cache - HTTP caching Tesla middleware.
- https://news.livebook.dev/remote-execution-smart-cell---launch-week-2---day-1-m3dv2 (https://news.livebook.dev/remote-execution-smart-cell---launch-week-2---day-1-m3dv2?utm_source=thinkingelixir&utm_medium=shownotes) – Post about Day 1 of Livebook's launch week with information on the new feature.
- https://twitter.com/thmsmlr/status/1709309268183367901 (https://twitter.com/thmsmlr/status/1709309268183367901?utm_source=thinkingelixir&utm_medium=shownotes) – Announcement of Livebook Copilot by Thomas Millar.
- https://github.com/thmsmlr/kino_copilot (https://github.com/thmsmlr/kino_copilot?utm_source=thinkingelixir&utm_medium=shownotes) – kino_copilot - Livebook SmartCell that refactors code, generates SQL for data analysis, writes documentation, and generates dashboards.
- https://twitter.com/hugobarauna/status/1709631824555573554 (https://twitter.com/hugobarauna/status/1709631824555573554?utm_source=thinkingelixir&utm_medium=shownotes) – Demonstration of Livebook voice transcription by Hugo Baraúna.
- https://github.com/brainlid/langchain_demo