Secure Coding Recommendations
This section lists a number of recommendations for programmers on the BEAM platform. Adhering to these recommendations does not eliminate the need for the other activities that make up a Secure Software Development Life Cycle (SSDLC), such as threat modelling, static analysis, dynamic security scanning, penetration testing, and tracking third-party components and their known vulnerabilities. As part of a more comprehensive programme, secure coding practices help prevent potential issues at an early stage of the development process, where they are cheapest to fix.
Code examples are given in Erlang and Elixir, but most recommendations apply equally to other BEAM languages.
- Preventing atom exhaustion
- Serialisation and deserialisation
- Spawning external executables
- Protecting sensitive data
- Sandboxing untrusted code
- Preventing timing attacks
- Erlang standard library: ssl
- Erlang standard library: inets
- Erlang standard library: crypto
- Erlang standard library: public_key
- Erlang standard library: xmerl
- Boolean coercion in Elixir