Secure coding practices are important regardless of development language. This series is a follow-up to my talk at GopherCon 2022, providing more depth on security for Go and allowing me to more effectively source the references used in my presentation.1
These posts will demonstrate vulnerabilities using Go, along with fixes for those vulnerabilities. One important note is that these vulnerabilities exist in all languages and are not isolated to the Go ecosystem. I will link references for each vulnerability type in other languages and ecosystems for readers not currently using Go.
NOTE: These posts are listed in two series on my site. For the sake of organization, they will be primarily listed under the appsec series, since that will be the larger, more holistic, in-depth series; however, any Go-specific posts will be listed here as well.
In 2022, I had the pleasure of speaking at GopherCon on the topic of secure coding in Go. The posts in this series are a more in-depth version of that talk, broken down into smaller, more digestible chunks.
The presentation from GopherCon is available here: Secure Coding in Go.
The vulnerable application is available here: gc22-secure-coding-in-go