elixir-secure-coding
An interactive cybersecurity curriculum designed for enterprise use at software companies using Elixir
Since this is a Livebook, we should install the sobelow package and have the participant use it to scan an example Phoenix web app
Many lessons are lacking associated attribution after the initial mad dash to create content; an attempt should be made to go back through and add attribution to sections. E.g. link...
In the interest of completeness, we should include definitions of signed cookies and encrypted cookies in the module. Relevant resources:
- https://cloud.google.com/cdn/docs/using-signed-cookies#:~:text=Signed%20cookies%20give%20time%2Dlimited,t%20feasible%20in%20your%20application.
- https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html
- https://blog.jscrambler.com/securing-http-cookies#:~:text=Encrypted%20Cookies&text=This%20adds%20a%20layer%20of,can't%20sniff%20the%20cookies.
- https://security.stackexchange.com/questions/67401/what-is-actually-the-purpose-of-encrypting-the-values-in-a-cookie
It would be ideal to talk about the prevention techniques and the difference in approach between application-layer rate limiting and network-layer rate limiting. Additionally, it would be great to create a...
The security implications of machine learning abuse and manipulation are still a developing area, but I believe it may become prudent to cover them at least as a lesson should there...
It would be handy to encompass more of the Elixir ecosystem with this training; as such, we should include a module or lessons regarding Nerves best practices as they relate...
Potentially add a new module (or at the very least a lesson or two if there isn't enough content for a full module) regarding Elixir LiveView and the security considerations...
It would be nice if a few more passes were made on the content itself to try and spruce it up with more relatable / friendly content. Things like: -...
If the proposed architecture for autograding is to have the grader run on all MRs to the main branch, it will block folks who are trying to make adjustments to the...
Similar in concept to [Autograder as GitHub Action](https://github.com/podium/elixir-secure-coding/issues/17), it's Podium's priority to get this working immediately since we use GitLab. We would most likely just need to finish getting a...