Application Security Testing: Penetration testing tools/tutorial

How can I do a security audit of my Elixir code base? I have used Sobelow static analysis. What are the different penetration testing tools for Elixir, if any? How can I improve security for my Elixir application?

7 Likes

I work for Paraxial.io, and one of the services we offer is pentesting specifically for Elixir/Phoenix. Our methodology is black and white box, meaning I read the source code for customers to understand how the application works, and test it to find vulnerabilities. Using Sobelow is a great first step; however, there’s not a pentesting tool specific to Elixir.

If you would like to learn how to do security assessments for Elixir, I’m also the author of Potion Shop, which is a vulnerable Elixir application to teach security - GitHub - securityelixir/potion_shop: A vulnerable Elixir and Phoenix application for learning web security

At the risk of too many self-plugs, I also did a talk recently about learning Elixir security, which is up on YouTube now - Elixir Security - Michael Lubas - Elixir Meetup #18 - YouTube

Here’s the links from the slides:

7 Likes

Wow! Awesome and really interesting compilation. I can’t wait to read, learn and apply 😻

Thank you very much, @realcorvus!

1 Like