Tag

#security

11 articles

← All articles
Security

Color Team Operations: Red, Blue, Purple, and Why You Need All Three

Red finds the holes. Blue closes them. Purple makes sure they stay closed. A security program with only one color is a security program with a blind spot β€” and attackers find blind spots for a living.

Apr 09, 2026 Β· 7 min read Β· TomΓ‘Ε‘ Korcak (korczis)
red-team blue-team security +2
Featured
Security

EASM as a Closed Loop: Discovery, Rating, Remediation, Repeat

External Attack Surface Management only works as a closed loop. How Prismatic Perimeter discovers assets, rates them, feeds the decision engine, and shortens time-to-remediation from weeks to hours.

Apr 09, 2026 Β· 8 min read Β· TomΓ‘Ε‘ Korcak (korczis)
easm perimeter security +2
Security

Implementing a Compliance-Grade Audit Trail in Elixir

Building an audit logging system with action tracking, IP logging, duration measurement, query patterns, and GDPR-compliant retention for regulatory compliance.

Apr 02, 2026 Β· 9 min read Β· Tomas Korcak (korczis)
audit-trail compliance logging +2
Security

Attack Surface Management: The Perimeter Module

The Perimeter module implements External Attack Surface Management (EASM) with security ratings, asset discovery, NIS2 compliance scanning, and vulnerability assessment. This article details the architecture and the LiveView dashboard.

Mar 23, 2026 Β· 10 min read Β· Prismatic Engineering
easm perimeter security +2
Product

CER/NIS2 Compliance: Automating Czech Critical Entity Requirements

How Prismatic automates NIS2 and Czech ZKB compliance for critical entities: supplier vetting, employee screening, incident reporting, and evidence-based gap analysis.

Mar 19, 2026 Β· 8 min read Β· Tomas Korcak (korczis)
compliance nis2 cer +3
Product

EASM: Automating External Attack Surface Discovery

How Prismatic Perimeter discovers and monitors an organization's internet-facing assets using DNS enumeration, certificate transparency, port scanning, and continuous monitoring.

Mar 17, 2026 Β· 9 min read Β· Tomas Korcak (korczis)
easm perimeter security +3
Security

Pre-Commit Security Gates: Catching Vulnerabilities Before They Land

Every commit to the Prismatic codebase passes through 9 blocking pre-commit pillars and 17 CI doctrine checks. This article explains how ZERO, SEAL, PERF, HYGIENE, NMND, TACH, DOCS, DEPS, and RDME are enforced with grep scanning and mix tasks.

Mar 16, 2026 Β· 10 min read Β· Prismatic Engineering
pre-commit security doctrine +3
Security

Zero Trust in Elixir: The SEAL Doctrine

The SEAL doctrine enforces absolute security locks across the codebase. SQL injection, hardcoded secrets, Code.eval usage, and command injection are detected and blocked at both the pre-commit hook level and through AST-based static analysis.

Mar 12, 2026 Β· 9 min read Β· Prismatic Engineering
seal security zero-trust +3
Security

Pre-Commit Security Gates: 9 Blocking Pillars for Code Quality

Implementing pre-commit hooks that enforce 9 blocking security and quality pillars: grep scanning for String.to_atom, hardcoded secrets, AST analysis mix tasks, and pillar-based enforcement architecture.

Mar 06, 2026 Β· 9 min read Β· Tomas Korcak (korczis)
pre-commit security elixir +2
Security

Zero Trust in Elixir: The SEAL Security Doctrine

Implementing the SEAL security doctrine in Elixir: parameterized Ecto queries, environment variable secrets management, Code.eval prevention, input validation boundaries, and OWASP Top 10 mapping.

Mar 05, 2026 Β· 8 min read Β· Tomas Korcak (korczis)
security seal elixir +2
Tutorial

Shodan Integration Guide: Building an OSINT Adapter in Elixir

Step-by-step guide to integrating Shodan's internet device search engine into an Elixir-based OSINT platform, covering API setup, banner parsing, service fingerprinting, CVE correlation, and rate limiting.

Feb 25, 2026 Β· 8 min read Β· Tomas Korcak (korczis)
shodan osint elixir +2

Related tags

elixir 52 osint 21 architecture 20 compliance 11 due-diligence 11 security 11 phoenix 10 intelligence 10 otp 10 liveview 9 pipeline 8 performance 7 deployment 6 quality 6 czech 6 pubsub 6 nis2 6 ci-cd 6 api 6 evolution 6 umbrella 5 observability 5 doctrine 5 metrics 5