Securie for Phoenix LiveView
In Phoenix LiveView, the channel-auth pattern is the security boundary. The common bug classes are CSRF on form events, JWT token verification, and channel topic-based authorization.
Why it matters for Phoenix LiveView
Securie reviews every Phoenix PR; specialists cover channel auth, token verification, and LiveView event handlers.
- Designed for Phoenix 1.7+ with LiveView
- Catches missing channel auth
- Validates JWT verification in connect/3
- Works with Fly, Render, and bare-metal
Common bugs we catch in Phoenix LiveView
Channel topic without auth check
A join/3 without an authorize_user check lets users join arbitrary topics and receive other users' broadcasts.
JWT verification missing alg pin
Verifying a token without an explicit algorithm opens the door to an alg-confusion attack.
handle_event without authorization
A LiveView handle_event callback that mutates the database without checking the caller's authorization on the target object is a broken object-level authorization (BOLA) bug.
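The "Channel topic without auth check" case above, shown as an added example that is not Securie's or the Phoenix project's own code: an unchecked join/3 beside a hardened one. The app name MyApp, the MyApp.Rooms.member?/2 lookup and the :user_id assign set in connect/3 are assumptions, and authorize_user is a hypothetical helper named after the check mentioned above.

```elixir
# Added example. Assumes a Phoenix 1.7 app named MyApp (hypothetical) whose
# UserSocket.connect/3 has already verified the token and assigned :user_id.

defmodule MyAppWeb.RoomChannelUnsafe do
  use Phoenix.Channel

  # Vulnerable: any connected socket may join any "room:<id>" topic and will
  # then receive every broadcast sent to it.
  @impl true
  def join("room:" <> _room_id, _params, socket) do
    {:ok, socket}
  end
end

defmodule MyAppWeb.RoomChannel do
  use Phoenix.Channel

  # Hardened: the topic id is client-supplied, so it is checked against
  # server-side state before the join is accepted.
  @impl true
  def join("room:" <> room_id, _params, socket) do
    case authorize_user(socket.assigns[:user_id], room_id) do
      :ok -> {:ok, assign(socket, :room_id, room_id)}
      {:error, reason} -> {:error, %{reason: reason}}
    end
  end

  # Re-check on events that act on the room; membership may have been
  # revoked since the join.
  @impl true
  def handle_in("new_msg", %{"body" => body}, socket) when is_binary(body) do
    with :ok <- authorize_user(socket.assigns[:user_id], socket.assigns.room_id) do
      broadcast!(socket, "new_msg", %{body: body, user_id: socket.assigns.user_id})
      {:noreply, socket}
    else
      {:error, reason} -> {:reply, {:error, %{reason: reason}}, socket}
    end
  end

  # Hypothetical helper: MyApp.Rooms.member?/2 stands in for the app's own
  # membership lookup (assumption, not a Phoenix API).
  defp authorize_user(nil, _room_id), do: {:error, "unauthenticated"}

  defp authorize_user(user_id, room_id) do
    if MyApp.Rooms.member?(user_id, room_id), do: :ok, else: {:error, "unauthorized"}
  end
end
```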
Install in under a minute
- Install the Securie GitHub App
- Securie auto-detects Phoenix via mix.exs
- Push any PR
Phoenix is a trademark of Plataformatec. Securie is independent.