Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-golang-security
Awesome Golang Security resources πΆπ
https://github.com/guardrailsio/awesome-golang-security
Last synced: 3 days ago
JSON representation
-
Static Code Analysis
- CodeQL - A tool that lets you query your code like data, in order to find vulnerabilities and bugs. See also [LGTM.com](https://lgtm.com) for pull request integration and running queries in the cloud.
- gosec - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container [securego/gosec](https://hub.docker.com/r/securego/gosec).
- gometalinter - Concurrently runs most of the existing go linters and normalizes their output.
- ChainJacking - Find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.
- safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
-
Vulnerabilities and Security Advisories
- golang-announce - The golang release mailing list. Language-specific security issues are announced here.
- GoCenter Security - vscode-extension) - Free vulnerability data around Go Modules
- snyk Vulnerability DB - Commercial but free listing of known vulnerabilities in libraries.
- Common Vulnerabilities and Exposures - Vulnerabilities that were assigned a CVE. Covers the language and packages.
- National Vulnerability Database - Golang known vulnerabilities in the National Vulnerability Database.
-
Articles, Guides & Talks
- gosea - Go Secure Example Application (GOSEA).
- Go - Secure Coding Practices - [PDF] Talk given by Sulhaedir at the OWASP Jakarta meetup.
- Memory Security in golang - Handling data securely in memory.
- A Go Programmer's Guide to Secure Connections - [Video] GopherCon 2018, Liz Rice.
- ReDoS in Go - Diving Deep into Regular Expression Denial of Service (ReDoS) in Go.
- Attacking Go
- Go - Secure Coding Practices - [PDF] Talk given by Sulhaedir at the OWASP Jakarta meetup.
- OWASP Go - Secure Coding Practices - Go programming language secure coding practices guide.
- golang-tls - Simple Golang HTTPS/TLS Examples.
- Hacking with Go - Hacking with Go for security professionals.
- ReDoS in Go - Diving Deep into Regular Expression Denial of Service (ReDoS) in Go.
-
Reporting Bugs
-
Web Framework Hardening
- nosurf - CSRF protection middleware for Go.
- gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
- gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
- secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
- unindexed - A drop-in replacement for `http.Dir` which disables directory indexing.
- beego-security-headers - beego framework filter for easy security headers management.
-
Libraries
-
Private Key Infrastructure
- CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
-
Hacking Playground
Categories
Sub Categories
Keywords
go
9
golang
9
security
8
middleware
3
csrf
2
gorilla
2
gorilla-web-toolkit
2
security-tools
2
paseto
1
microservice
1
jwt
1
encoder
1
decoder
1
authentication
1
auth
1
http
1
sessions
1
securecookie
1
cookies
1
cookie
1
xsrf
1
csrf-tokens
1
csrf-protection
1
tools
1
security-scanner
1
security-hardening
1
security-audit
1
secure
1
openssl
1
libressl
1
https-server
1
https
1
httpclient
1
http2
1
awesome
1
appsec
1
supply-chain
1
linter
1
gometalinter
1
static-code-analysis
1
static-analysis
1
security-automation
1
token
1
soa
1
past
1