Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

awesome-golang-security

Awesome Golang Security resources πŸ•ΆπŸ”
https://github.com/guardrailsio/awesome-golang-security

Last synced: 5 days ago
JSON representation

  • Static Code Analysis

    • CodeQL - A tool that lets you query your code like data, in order to find vulnerabilities and bugs. See also [LGTM.com](https://lgtm.com) for pull request integration and running queries in the cloud.
    • gosec - Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container [securego/gosec](https://hub.docker.com/r/securego/gosec).
    • gometalinter - Concurrently runs most of the existing go linters and normalizes their output.
    • ChainJacking - Find which of your Go lang direct GitHub dependencies is susceptible to ChainJacking attack.
    • safesql - Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment.
  • Vulnerabilities and Security Advisories

  • Articles, Guides & Talks

  • Reporting Bugs

  • Web Framework Hardening

    • nosurf - CSRF protection middleware for Go.
    • gorilla/csrf - Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services.
    • gorilla/securecookie - Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications.
    • secure - Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications.
    • unindexed - A drop-in replacement for `http.Dir` which disables directory indexing.
    • beego-security-headers - beego framework filter for easy security headers management.
  • Libraries

    • paseto - Platform-Agnostic Security Tokens implementation in GO (Golang).
    • hsts - Go HTTP Strict Transport Security library.
    • jwt-go - Golang implementation of JSON Web Tokens (JWT).
    • httprobe - Take a list of domains and probe for working HTTP and HTTPS servers.
  • Private Key Infrastructure

    • CloudFlare SSL - CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
  • Hacking Playground

    • govwa - A vulnerable golang application including the most common vulnerabilities found in web applications today.
    • Lambhack - A very vulnerable serverless application in AWS Lambda.