Secure Coding in Go

Explore some of the most common attacks against Go applications, as well as how to prevent and defend against those threats.

Introduction

• Why care about security?
• What you should know

1. Security Overview

• Security risks overview
• CVEs
• OWASP Top 10
• Case studies

2. Input

• Overview of input processing
• SQL injection
• Setting timeouts
• Size limiting
• Input validation
• Challenge: Secure input
• Solution: Secure input

3. Output

• Overview of output issues
• Cross-site scripting (XSS)
• Sensitive data
• Terminating HTTP handlers on error
• Challenge: Securing output
• Solution: Securing output

4. Authentication and Authorization

• Overview of authentication issues
• Authentication
• Authorization
• Challenge: Limit access
• Solution: Limit access

5. Infrastructure

• Overview of infrastructure security
• Security configuration
• Keeping secrets
• Dependency management
• Logging and metrics
• Challenge: Secure project
• Solution: Secure project

6. Process

• Include security in your process
• The security mindset
• Linters
• Security audits

Conclusion

• Next steps