
Elixir Mentor Michael Lubas on Securing Elixir
Feb 4, 2024. Michael Lubas is the founder of Paraxial.io and a cybersecurity pro with penetration testing and product security roots. He discusses securing Elixir and Phoenix apps using bot defense, runtime tracing, and developer-friendly tooling. Topics include asset management, fast native Elixir integration, detection of credential stuffing, and common Elixir pitfalls such as unsafe deserialization and backend auth enforcement.
Learning Elixir On The Job At Frame.io
- Michael learned Elixir on the job at Frame.io after being hired for product security during Adobe's acquisition period.
- He discovered security benefits in Elixir while working on real-world production security at Frame.io.
Security Tools Should Empower Not Fearmonger
- Paraxial's positioning focuses on empowering developers to automate routine web app security instead of fear-based vendor marketing.
- Michael Lubas emphasizes Elixir's security plus the need for maintenance, likening it to car upkeep.
Automate Asset Management For Rapid Patching
- Use automated asset management to track apps, public exposure, and framework versions so you can patch vulnerable instances quickly.
- Michael Lubas cites Equifax and explains how untracked legacy apps running vulnerable frameworks caused massive breaches.
