Introduction
Secure coding practices can help reduce vulnerabilities in software projects by steering programmers away from dangerous functions or patterns, and towards more robust alternatives.
Deployment hardening is the process of reducing the attack surface of a production environment, e.g. by removing unused components and revising unsafe configurations.
While these two topics traditionally represent separate activities in a secure software development lifecycle, in BEAM applications the distinction is not always very clear. Moreover, in today’s DevSecOps world the same people are often responsible for both activities.
In this document we present both secure coding and deployment hardening recommendations, aimed at architects, developers, testers and operational engineers.