
Sobelow, released in 2017, is the first security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points of interest in a code base. For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities.

Over the last year, Sobelow has been consistently improving. A number of features have been added to improve user experience and help Sobelow fit into a continuous integration pipeline. More importantly, there have been dozens of improvements to the vulnerability checks; not only does Sobelow scan for new issues, it also expands upon the vulnerability checks already in place.

Here are some of the highlights:

  • A number of formatting options have been added, including compact, quiet, and JSON output formats.
  • Tests for new vulnerabilities, including checks for code execution via the Code and EEx modules, and for configuration options like the Content-Security-Policy header.
  • Improvements and expansions of many already-defined vulnerability checks, including denial of service, CSRF, and cross-site scripting.
  • Usability improvements, like the ability to save test configuration, or better support for umbrella applications.
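To make the code-execution and Content-Security-Policy items above concrete, here is an added example (not code from Sobelow or this post) of the kind of Phoenix controller and router a reviewer would run the tool against. The module names, routes and template are hypothetical; which Sobelow check reports which line is an assumption drawn from the tool's published check names rather than anything stated here.

```elixir
# Added example, not Sobelow's own code. Module, route and template names
# are hypothetical.

defmodule MyAppWeb.CalcController do
  use MyAppWeb, :controller

  # Vulnerable: a request parameter reaches Code.eval_string/1, so the caller
  # controls the expression the server evaluates. This is the shape of call
  # the Code-module check is meant to surface (assumption about the check).
  def eval_unsafe(conn, %{"expr" => expr}) do
    {result, _binding} = Code.eval_string(expr)
    json(conn, %{result: inspect(result)})
  end

  # Vulnerable: the same problem through EEx, with the template text itself
  # built from input rather than compiled at build time.
  def render_unsafe(conn, %{"template" => template}) do
    html(conn, EEx.eval_string(template, name: "user"))
  end

  # Hardened: never evaluate input as code. Parse the narrow input format
  # you actually need (an integer here) and compute with ordinary functions.
  def eval_safe(conn, %{"n" => n}) do
    case Integer.parse(n) do
      {value, ""} -> json(conn, %{result: value * 2})
      _ -> send_resp(conn, 400, "expected an integer")
    end
  end

  # Hardened: render a compiled template (greeting.html, hypothetical) and
  # pass input only as an assign, which the template engine escapes.
  def render_safe(conn, %{"name" => name}) do
    render(conn, "greeting.html", name: name)
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :protect_from_forgery
    # Passing a map to put_secure_browser_headers adds a CSP header on top
    # of the defaults. A pipeline that calls it with no map sends no CSP,
    # which is what the configuration check looks for (assumption).
    plug :put_secure_browser_headers, %{
      "content-security-policy" => "default-src 'self'"
    }
  end

  scope "/", MyAppWeb do
    pipe_through :browser
    post "/calc", CalcController, :eval_safe
    get "/greet", CalcController, :render_safe
  end
end
```

Running `mix sobelow` in a project containing the two `_unsafe` actions, and a router pipeline without the CSP map, is the quickest way to see what the new checks report; the `_safe` variants show the shape of code that keeps the finding from reappearing.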

Check out the latest updates to the tool on the NCC Group GitHub: https://github.com/nccgroup/sobelow

For more information on these updates, read the blog post by Griffin Byatt.
