by Michael Lubas
Paraxial.io is an application security platform created for Elixir. The two primary use cases are defense against malicious web bots and vulnerability management. Similar tools on the market today include reCaptcha, Snyk, and Cloudflare bot defense. Paraxial.io’s backend is written in Elixir, all our customers are using Elixir, and even this blog is a Phoenix application running Dashbit’s NimblePublisher.
The business focus on Elixir is distinctive, and goes against the conventional wisdom to support as many languages, web servers, and platforms as possible. When security companies lack a clear direction for their product, quality visibly suffers. The unfortunate reality of many vendors is that they put shipping any integration possible ahead of a quality product. Paraxial.io has an ambitious goal: the creation of a security product that customers enjoy using. This goal, like our focus on Elixir, is unorthodox for a security company.
Naturally, Paraxial.io’s customers are members of the Elixir community. Our desire to support developer education on Elixir security led to the publication of articles on this topic. A few examples include:
The positive feedback shows there is demand for more guidance on Elixir security. I personally love the language, and am fortunate to work with Elixir professionally. While the goal of Paraxial.io is to be the leader in Elixir security, that can only be achieved through service and respect for our customers. The blog has been an excellent tool in helping Elixir developers and companies learn about security.
The majority of people today are familiar with reCaptcha, those confusing puzzles about crosswalks that disrupt your web browsing. The reason site owners use reCaptcha is to stop bots performing attacks like credential stuffing, credit card fraud, and SMS spam. The business downside of using reCaptcha is obvious: users are less likely to spend money on your site, hackers can bypass it, and Google does not provide any support for Elixir.
The lack of support for Elixir is common among security vendors. Even Snyk, who supports management of vulnerable Hex dependencies, lacks Sobelow support. Companies who need bot defense, static analysis, and dependency security had to spread these across three different vendors before Paraxial.io. This is wasteful, both in terms of security budget and the time spent working with different vendors who do not see Elixir as a business priority. We saw this situation as an opportunity for Paraxial.io to provide a much-needed product, with better customer service than the competition.
Installing Paraxial.io is the same as any library from Hex: add to your mix.exs file, configure the API key, and you’re done. There is no changing DNS settings, which can lead to downtime, or digging through Nginx configs. Modern software development takes place on Platform as a Service offerings, such as Fly.io or Gigalixir, and Paraxial.io is designed to fully support this model.
The vulnerability management feature of Paraxial.io runs via a mix task, mix paraxial.scan, which can be run in your local environment, or integrated into your CI/CD pipeline for continuous security. Most software security vendors add unnecessary complexity, introducing requirements for Docker or installing Java, because their “universal platform” puts inferior support for many environments (more profits) over performance, developer experience, and even security (the ostensible goal of their software).
The article 10 years(-ish) of Elixir by José Valim (creator of Elixir) provides an excellent summary of how rapidly the ecosystem is growing. Here at Paraxial.io, we are grateful for the opportunity to contribute through our security platform, educational resources, and engagement with the community. If you are using Elixir, thank you!
Paraxial.io is the only application security and compliance platform made for Elixir.