Holden Oullette
We've been using Salus for a while now at my current company and have integrated [Sobelow](https://github.com/nccgroup/sobelow) into it for the purposes of scanning Elixir code. Our implementation is not ready for...
We've been integrating Sobelow into another open-source project, [Salus](https://github.com/coinbase/salus) (a Security Scanning Orchestration tool), and in extending it to support running Sobelow for Elixir code, the class created needs to...
Since this is a livebook, we should install the sobelow package and have the participant use it to scan an example phoenix web app
Many lessons are lacking associated attribution in the initial mad dash to create content; an attempt should be made to go back through and add attribution to sections. E.g. link...
In the effort of completeness, we should include definitions around signed cookies and encrypted cookies to the module. Relevant Resources:

- https://cloud.google.com/cdn/docs/using-signed-cookies#:~:text=Signed%20cookies%20give%20time%2Dlimited,t%20feasible%20in%20your%20application.
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
- https://blog.jscrambler.com/securing-http-cookies#:~:text=Encrypted%20Cookies&text=This%20adds%20a%20layer%20of,can't%20sniff%20the%20cookies.
- https://security.stackexchange.com/questions/67401/what-is-actually-the-purpose-of-encrypting-the-values-in-a-cookie
It would be ideal to talk about the prevention techniques and difference in approach to Application layer rate-limiting and Network layer rate-limiting. Additionally, it would be great to create a...
The security implications of Machine Learning abuse and manipulation are still a developing area, but I believe it may become prudent to cover at least as a lesson should there...
It would be handy to encompass more of the Elixir Ecosystem with this training; as such, we should include a module or lessons regarding Nerves best practices as it relates...
Potentially add a new module (or at the very least a lesson or two if there isn't enough content for a full module) regarding Elixir LiveView and the security considerations...
It would be nice if a few more passes were made on the content itself to try and spruce it up with more relatable / friendly content. Things like: -...