Sobelow v0.5.3 released

Sobelow, a vulnerability scanner for the Phoenix Framework, has received a new update
23 August 2017

What is Sobelow? 

Sobelow is a security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points-of-interest. For project maintainers, it can be used to prevent introducing a number of common vulnerabilities.

Currently Sobelow detects some types of the following security issues:

  • Insecure configuration
  • Known-vulnerable Dependencies
  • Cross-Site Scripting
  • SQL injection
  • Command injection
  • Denial of Service
  • Directory traversal
  • Unsafe serialization

Potential vulnerabilities are flagged in different colors according to how confident the tool is that the finding is a real issue. High confidence is red, medium confidence is yellow, and low confidence is green.

A finding is typically marked "low confidence" when a function could be used insecurely, but the tool cannot reliably determine whether the function receives user-supplied input. That is to say, green findings are not necessarily safe; they just require more manual validation.
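As an added illustration of the issue classes listed above, the following hypothetical Phoenix 1.3 controller pairs each risky pattern with a safer form. This is example code written for this page, not code from Sobelow or from the Phoenix project. The MyAppWeb/MyApp module names, the "tickets" table, the priv/uploads directory and the action names are assumptions made for the example; which Sobelow rule fires on each pattern, and at what confidence level, is not stated on this page and is not claimed here.

```elixir
# Added illustration only: not code from Sobelow or from Phoenix.
# Assumptions: the MyAppWeb/MyApp module names, the "tickets" table,
# the priv/uploads directory and the unsafe_*/safe_* action names are
# all hypothetical. Each pair shows a pattern of the kind Sobelow looks
# for next to a form that keeps request input out of the dangerous position.
defmodule MyAppWeb.DemoController do
  use MyAppWeb, :controller

  import Ecto.Query, only: [from: 2]
  alias MyApp.Repo

  # SQL injection: a request parameter interpolated into a raw query string.
  def unsafe_search(conn, %{"q" => q}) do
    {:ok, result} = Repo.query("SELECT title FROM tickets WHERE title = '#{q}'")
    json(conn, %{rows: result.rows})
  end

  # Fix: let Ecto bind the value; `^q` becomes a query parameter, never SQL text.
  def safe_search(conn, %{"q" => q}) do
    titles = Repo.all(from t in "tickets", where: t.title == ^q, select: t.title)
    json(conn, %{rows: titles})
  end

  # Cross-site scripting: user input written straight into an HTML body.
  def unsafe_greet(conn, %{"name" => name}) do
    html(conn, "<h1>Hello #{name}</h1>")
  end

  # Fix: escape before interpolating. EEx templates escape automatically,
  # unless a value is wrapped in raw/1, which is why raw/1 draws attention.
  def safe_greet(conn, %{"name" => name}) do
    html(conn, "<h1>Hello #{Plug.HTML.html_escape(name)}</h1>")
  end

  # Command injection: the parameter becomes part of a string handed to a shell.
  def unsafe_ping(conn, %{"host" => host}) do
    output = :os.cmd(String.to_charlist("ping -c 1 " <> host))
    text(conn, List.to_string(output))
  end

  # Fix: allow-list the value and pass it as a separate argv element so no
  # shell ever parses it. Requiring an alphanumeric first character also
  # stops the value from being read as a "-option" by the program itself.
  def safe_ping(conn, %{"host" => host}) do
    if host =~ ~r/^[A-Za-z0-9][A-Za-z0-9.-]*$/ do
      {output, _status} = System.cmd("ping", ["-c", "1", host])
      text(conn, output)
    else
      send_resp(conn, 400, "invalid host")
    end
  end

  # Directory traversal: "../" in the file name walks out of the upload dir.
  def unsafe_download(conn, %{"name" => name}) do
    send_file(conn, 200, Path.join("priv/uploads", name))
  end

  # Fix: resolve the path, then check it is still inside the base directory.
  def safe_download(conn, %{"name" => name}) do
    base = Path.expand("priv/uploads")
    path = Path.expand(name, base)

    if String.starts_with?(path, base <> "/") do
      send_file(conn, 200, path)
    else
      send_resp(conn, 400, "invalid file name")
    end
  end

  # Unsafe deserialisation: binary_to_term on client data can create atoms
  # without bound (atom table exhaustion) and rebuilds arbitrary terms.
  def unsafe_restore(conn, %{"state" => state}) do
    term = state |> Base.decode64!() |> :erlang.binary_to_term()
    json(conn, %{restored: inspect(term)})
  end

  # Fix: the :safe option refuses to create new atoms or external funs;
  # rejecting malformed base64 with a 400 instead of a crash is a bonus.
  def safe_restore(conn, %{"state" => state}) do
    case Base.decode64(state) do
      {:ok, bin} ->
        term = :erlang.binary_to_term(bin, [:safe])
        json(conn, %{restored: inspect(term)})

      :error ->
        send_resp(conn, 400, "invalid state")
    end
  end
end
```

The safer forms are worth keeping even where the scanner would only rate a pattern as a low-confidence (green) finding: the colour says the tool could not trace the input back to the request, not that the code is safe.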

Note: This project is in constant development, and additional vulnerabilities will be flagged as time goes on.

Learn more at GitHub.

What's new in version 0.5.3?

Changes include:

  • Checks for additional vulnerable dependencies
  • Checks for an additional XSS vector
  • --compact and --quiet flags for people who want less output
  • Bug fixes and improvements!

Install the latest update with mix archive.install hex sobelow

Creator's overview of Phoenix 1.3

Chris McCord, creator of Phoenix, talks about the new version of the Elixir web framework and walks through its new features and improvements
17 August 2017

Chris, the Phoenix Framework creator, runs through the updates and developments in Phoenix 1.3 in his Lonestar ElixirConf keynote. This video is a must-see for anyone working or developing with Phoenix.

Learn about the design decisions behind the new generators. Chris also explains the rationale behind the new approach to structuring applications in Phoenix.

Learn more about the Phoenix Framework and why the changes in Phoenix 1.3 matter.