Secure Coding and Deployment Hardening Guidelines

Best-practices for writing and running applications on the BEAM, by the Erlang Ecosystem Foundation’s Security Working Group.

To report mistakes or suggest additional content, please open an issue or create a pull request in the GitHub repository.

Contents

• Introduction
• Secure Coding Recommendations
  • Preventing atom exhaustion
  • Serialisation and deserialisation
  • Spawning external executables
  • Protecting sensitive data
  • Sandboxing untrusted code
  • Preventing timing attacks
  • Erlang standard library: ssl
  • Erlang standard library: inets
  • Erlang standard library: crypto
  • Erlang standard library: public_key
  • Erlang standard library: xmerl
• Deployment Hardening
  • Installing/building the runtime system
  • Releases
  • Distribution Protocol and EPMD
  • Crash dumps and core dumps
• Resources

Next: Introduction »