Open voltone opened 2 years ago
Erlang distribution protocol: overview, risks, EPMD, network interface binding, security mechanisms, TLS transport, ...
Interaction with the host OS executables/processes: ports, os:cmd, NIFs, erl_child_setup, erlsrv, heart, ...
Introspection: observer, crash dumps, remote console, to_erl
Code loading: interactive vs. embedded, load paths, executable config files in Elixir releases, code_server
Where to find config files. What files need restricted read/write permissions.
Erlang/OTP profiling: fprof, eprof, cprof, dbg, lcnt, perf.
Load testing - Tsung.
Create a 'testing guide' aimed at security professionals with little or no experience with the BEAM platform. The document should provide both background information, with links to relevant resources, and concrete examples of verification tests that show necessary hardening is in place.
Please add any suggestions for topics that we might cover as comments in this ticket.