{"id":24863850,"url":"https://github.com/sshaplygin/5-steps-for-protect","last_synced_at":"2026-05-14T22:33:23.070Z","repository":{"id":274244102,"uuid":"922285861","full_name":"sshaplygin/5-steps-for-protect","owner":"sshaplygin","description":"Service for 5 popular security errors in Golang. RU-lang article","archived":false,"fork":false,"pushed_at":"2025-02-11T00:18:26.000Z","size":30,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-26T17:54:10.535Z","etag":null,"topics":["duckdb","duckdb-database","echo-framework","golang","owasp","owasp-top-10"],"latest_commit_sha":null,"homepage":"https://tproger.ru/preview/5-wagov-dlya-zashhity-backend--chek-list-ot-uyazvimostej","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sshaplygin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-25T19:56:07.000Z","updated_at":"2025-02-11T00:16:31.000Z","dependencies_parsed_at":"2025-01-26T00:28:19.938Z","dependency_job_id":"c2893968-bb8c-4e87-a13d-849b0854e2e8","html_url":"https://github.com/sshaplygin/5-steps-for-protect","commit_stats":null,"previous_names":["sshaplygin/5-steps-for-protect"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sshaplygin/5-steps-for-protect","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshaplygin%2F5-steps-for-protect","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshaplygin%2F5-steps-for-protect/tags","releases_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/sshaplygin%2F5-steps-for-protect/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshaplygin%2F5-steps-for-protect/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sshaplygin","download_url":"https://codeload.github.com/sshaplygin/5-steps-for-protect/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sshaplygin%2F5-steps-for-protect/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33045605,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-14T02:00:06.663Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["duckdb","duckdb-database","echo-framework","golang","owasp","owasp-top-10"],"created_at":"2025-01-31T23:35:14.186Z","updated_at":"2026-05-14T22:33:23.065Z","avatar_url":"https://github.com/sshaplygin.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 5 steps for protect\n\n## Disclaimer\n\nThis example is not a production solution. This service exists as an example for the article. 
[🔗 Link to the article](https://tproger.ru/articles/5-wagov-dlya-zashhity-backend--chek-list-ot-uyazvimostej)\n\n## Functional requirements\n\nConsider a small example service: a shared feed of anonymous posts.\n\nThe service has the following functional requirements:\n\n- registration\n- logging in to and out of an account\n- viewing the post feed with the publication time and the author's anonymous ID\n- creating a new post\n- viewing a specific post of your own\n\n## Common mistakes in backend application development\n\n- XSS\n- SSRF\n- Access control flaws. IDOR/Broken ACL\n- SQL injection\n- Sensitive data exposure\n\nThe version in the [**main**](https://github.com/sshaplygin/5-steps-for-protect/tree/main) branch was created with errors. The vulnerability fixes are in the [**fix-errors**](https://github.com/sshaplygin/5-steps-for-protect/tree/fix-errors) branch.\n\n## Technologies\n\n- [Go/Golang](https://go.dev/)\n- [DuckDB](https://duckdb.org/)\n- [Echo](https://echo.labstack.com/)\n- [Zap logger](https://github.com/uber-go/zap)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsshaplygin%2F5-steps-for-protect","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsshaplygin%2F5-steps-for-protect","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsshaplygin%2F5-steps-for-protect/lists"}