{"id":26739993,"url":"https://github.com/aw-junaid/golang-web-security","last_synced_at":"2025-04-14T16:05:47.932Z","repository":{"id":277573379,"uuid":"932855446","full_name":"aw-junaid/golang-web-security","owner":"aw-junaid","description":"Secure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.","archived":false,"fork":false,"pushed_at":"2025-03-04T13:12:26.000Z","size":23,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-04T14:23:35.719Z","etag":null,"topics":["golang","penetration-testing","security","websecurity"],"latest_commit_sha":null,"homepage":"https://awjunaid.com","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aw-junaid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-14T16:38:18.000Z","updated_at":"2025-03-04T13:12:30.000Z","dependencies_parsed_at":"2025-02-14T17:47:18.226Z","dependency_job_id":null,"html_url":"https://github.com/aw-junaid/golang-web-security","commit_stats":null,"previous_names":["aw-junaid/golang-web-security"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2Fgolang-web-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2Fgolang-web-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2Fgolang-web-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aw-junaid%2Fgolang-web-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aw-junaid","download_url":"https://codeload.github.com/aw-junaid/golang-web-security/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245972667,"owners_count":20702721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","penetration-testing","security","websecurity"],"created_at":"2025-03-28T04:48:41.336Z","updated_at":"2025-03-28T04:48:41.844Z","avatar_url":"https://github.com/aw-junaid.png","language":null,"funding_links":["https://buymeacoffee.com/awjunaid"],"categories":[],"sub_categories":[],"readme":"# Golang Web Security\n\u003cimg align=\"\" src=\"https://github.com/aw-junaid/aw-junaid/blob/main/Assets/asset5.webp\" width=\"1000\" height=\"150\" alt=\"awjunaid\"\u003e\n\n![GitHub commit activity](https://img.shields.io/github/commit-activity/t/aw-junaid/golang-web-security)\n![GitHub contributors](https://img.shields.io/github/contributors/aw-junaid/golang-web-security)\n![GitHub repo size](https://img.shields.io/github/repo-size/aw-junaid/golang-web-security)\n\n# Contact With Me:\n\n\n  \u003ca href=\"https://www.youtube.com/@awjunaid/featured\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Youtube\u0026logo=youtube\u0026label=\u0026color=FF0000\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"youtube logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.instagram.com/awjunaid_\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Instagram\u0026logo=instagram\u0026label=\u0026color=E4405F\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"instagram logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.twitch.tv/awjunaid\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Twitch\u0026logo=twitch\u0026label=\u0026color=9146FF\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"twitch logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"mailto:abdulwahabjunaid07@gmail.com\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Gmail\u0026logo=gmail\u0026label=\u0026color=D14836\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"gmail logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.linkedin.com/in/aw-junaid\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=LinkedIn\u0026logo=linkedin\u0026label=\u0026color=0077B5\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"linkedin logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://twitter.com/awjunaid_\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Twitter\u0026logo=twitter\u0026label=\u0026color=1DA1F2\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"twitter logo\"  /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://discord.gg/Neddn8gPqY\" target=\"_blank\"\u003e\n    \u003cimg src=\"https://img.shields.io/static/v1?message=Discord\u0026logo=discord\u0026label=\u0026color=7289DA\u0026logoColor=white\u0026labelColor=\u0026style=for-the-badge\" height=\"27\" alt=\"discord logo\"  /\u003e\n  \u003c/a\u003e\n\n  # 💰 You can help me by Donating\n  [![BuyMeACoffee](https://img.shields.io/badge/Buy%20Me%20a%20Coffee-ffdd00?style=for-the-badge\u0026logo=buy-me-a-coffee\u0026logoColor=black)](https://buymeacoffee.com/awjunaid) \n\n \nSecure Golang web app with best practices: authentication, authorization, input validation, CSRF protection, and secure headers. Example code for secure development.\n\n\n# Contents\n- [Tools](#tools)\n- [Educational](#educational)\n\n# Tools\n\n## Web Framework Hardening\n\n- [nosurf](https://github.com/justinas/nosurf) - CSRF protection middleware for Go.\n- [gorilla/csrf](https://github.com/gorilla/csrf) - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services.\n- [gorilla/securecookie](https://github.com/gorilla/securecookie) - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.\n- [secure](https://github.com/unrolled/secure) - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.\n- [unindexed](https://github.com/jordan-wright/unindexed) - A drop-in replacement for `http.Dir` which disables directory indexing.\n- [beego-security-headers](https://github.com/gosecguy/beego-security-headers) - beego framework filter for easy security headers management.\n\n## Libraries\n\n- [paseto](https://github.com/o1egl/paseto) - Platform-Agnostic Security Tokens implementation in Go (Golang).\n- [hsts](https://github.com/StalkR/hsts) - Go HTTP Strict Transport Security library.\n- [jwt-go](https://github.com/dgrijalva/jwt-go) - Golang implementation of JSON Web Tokens (JWT).\n- [httprobe](https://github.com/tomnomnom/httprobe) - Take a list of domains and probe for working HTTP and HTTPS servers.\n\n## Static Code Analysis\n\n- [safesql](https://github.com/stripe/safesql) - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.\n- [gosec](https://github.com/securego/gosec) - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container [securego/gosec](https://hub.docker.com/r/securego/gosec).\n- [gometalinter](https://github.com/alecthomas/gometalinter) - Concurrently runs most of the existing Go linters and normalizes their output.\n- [CodeQL](https://securitylab.github.com/tools/codeql) - A tool that lets you query your code like data, in order to find vulnerabilities and bugs. See also [LGTM.com](https://lgtm.com) for pull request integration and running queries in the cloud.\n- [ChainJacking](https://github.com/Checkmarx/chainjacking) - Find which of your direct Go GitHub dependencies are susceptible to the ChainJacking attack.\n\n## Vulnerabilities and Security Advisories\n\n- [golang-announce](https://groups.google.com/forum/#!forum/golang-announce) - The Go release mailing list. Language-specific security issues are announced here.\n- [GoCenter Security](https://jfrog.com/blog/gocenter-reveals-go-module-vulnerabilities-with-xray/) and [JFrog VSCode Extension for Go](https://marketplace.visualstudio.com/items?itemName=JFrog.jfrog-vscode-extension) - Free vulnerability data around Go Modules.\n- [snyk Vulnerability DB](https://snyk.io/vuln?type=golang) - Commercial but free listing of known vulnerabilities in libraries.\n- [Common Vulnerabilities and Exposures](https://www.cvedetails.com/vulnerability-list/vendor_id-14185/Golang.html) - Vulnerabilities that were assigned a CVE. Covers the language and packages.\n- [National Vulnerability Database](https://nvd.nist.gov/vuln/search/results?form_type=Basic\u0026results_type=overview\u0026query=golang\u0026search_type=all) - Golang known vulnerabilities in the National Vulnerability Database.\n\n## Public Key Infrastructure\n\n- [CloudFlare SSL](https://github.com/cloudflare/cfssl) - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.\n\n# Educational\n\n## Hacking Playground\n\n- [govwa](https://github.com/0c34/govwa) - A vulnerable Golang application including the most common vulnerabilities found in web applications today.\n- [Lambhack](https://github.com/wickett/lambhack) - A very vulnerable serverless application in AWS Lambda.\n\n## Articles, Guides \u0026 Talks\n\n- [gosea](https://github.com/komand/gosea) - Go Secure Example Application (GOSEA).\n- [Go - Secure Coding Practices](https://www.owasp.org/images/2/2b/Owasp-171123063052.pdf) by OWASP - [PDF] Talk given by Sulhaedir at the OWASP Jakarta meetup.\n- [OWASP Go - Secure Coding Practices](https://github.com/OWASP/Go-SCP) by Checkmarx - Go programming language secure coding practices guide.\n- [Memory Security in golang](https://cryptolosophy.org/memory-security-go/) - Handling data securely in memory.\n- [A Go Programmer's Guide to Secure Connections](https://www.youtube.com/watch?v=kxKLYDLzuHA) - [Video] GopherCon 2018, Liz Rice.\n- [golang-tls](https://github.com/denji/golang-tls) - Simple Golang HTTPS/TLS examples.\n- [Hacking with Go](https://github.com/parsiya/Hacking-with-Go) - Hacking with Go for security professionals.\n- [ReDoS in Go](https://www.checkmarx.com/2018/05/07/redos-go/) by Checkmarx - Diving deep into Regular Expression Denial of Service (ReDoS) in Go.\n- [Attacking Go](https://blog.trailofbits.com/2019/11/07/attacking-go-vr-ttps/) - A detailed description of security assessment techniques for Go projects.\n\n## Reporting Bugs\n\n- [Go Security Policy](https://golang.org/security)\n\n# License\n\n[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faw-junaid%2Fgolang-web-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faw-junaid%2Fgolang-web-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faw-junaid%2Fgolang-web-security/lists"}