A key part of preventing attacks is rejecting invalid input early and ensuring that users have appropriate access. This talk will discuss how to use Scala's features to provide strong, type-safe security with type refinement and object capability patterns. Using refinement types, we can go from "stringly-typed" validation code to "strongly-typed" code. And with object capabilities, we can provide fine-grained authorization to resources, including modulating access with revocation, per-instance delegation, and ensuring secure transit with sealers/unsealers, with just a few lines of Scala.
Will Sargent
@will_sargent
Will Sargent is a security-minded independent consultant who worked at Lightbend on Play 2.6 security features, and writes about security topics on his blog. He is also responsible for the lightbend-emoji library.