Bram Verburg
Grand Prior of Software Security @ Bluecode
Bram is a developer, architect and security advocate with more than 20 years of experience delivering complex software platforms for the telecom and financial industries, meeting their stringent security and reliability requirements. He has been using Erlang, and later Elixir, for more than 10 years.
As a security advocate he has taken an interest in the security aspects of the Erlang/OTP ecosystem, as a blogger (at https://blog.voltone.net/), trainer, speaker, and open source contributor. Bram is a founding member of the Security WG of the Erlang Ecosystem Foundation.
Past Activities
Code BEAM America 2021
12.25 - 13.05
Fireside chat on BEAM security
Join Maxim Fedorov and Bram Verburg to discuss security for BEAM-based applications. How can industry best-practices for secure coding, testing and deployment hardening be applied to the Erlang ecosystem? What has been achieved over the last few years and what challenges remain? How can the community collaborate on moving things forward? Audience participation, through questions/comments in the session chat, is encouraged!
Code BEAM SF
14.35 - 15.20
Off BEAM: Secure software development
The BEAM platform lets us develop uniquely robust systems for mission-critical applications. But in the presence of malicious users, even a BEAM application is only as strong as its weakest link.
In this talk Bram will look at best practices for secure coding specifically for the BEAM ecosystem. He will cover Erlang, Elixir and several popular third-party frameworks and libraries.
THIS TALK IN THREE WORDS
BEAM
Security
Practices
OBJECTIVES
Help people identify potential weaknesses in their applications early in the product lifecycle and offer actionable advice.
TARGET AUDIENCE
Anyone developing applications that may be subject to malicious users or random attacks.
Code BEAM V Europe
13.20 - 14.00
Fireside chat on security for practitioners and academics
Let’s talk about what keeps you awake at night... and about what should keep you awake at night.
Join Bram and Viktória and learn about the threats targeting BEAM users, the solutions that exist today and the unsolved challenges that await brilliant minds.
Code BEAM Lite Amsterdam 2018
15.15 - 15.35
Learn you some 'ssl' for much security!
Erlang/OTP's built-in 'ssl' application forms the basis of many client and server packages. Unfortunately it has quite a few quirks, potentially leading to weak (or even broken) security. Many higher-layer packages expose the 'ssl' application's socket options directly, with no additional defaults and little guidance on how to use them.
This talk highlights the most important client and server settings for 'ssl' sockets, how the defaults have evolved across OTP versions, and how popular libraries build on them. Topics include cipher suite selection, server hostname verification, known certificate issues (wildcard SAN, cross-signed CA), revocation checks, ECDSA servers, and more.
Practical code samples are given in Erlang and/or Elixir, as applicable.
OBJECTIVES
Learn to apply secure TLS configurations to clients and servers, either directly with the OTP 'ssl' application or through the many libraries that rely on it: Ranch, Cowboy, Plug, Phoenix, httpc, Hackney, HTTPoison, etc.