Overview
Learn secure coding practices in Go to avoid common vulnerabilities in this GopherCon 2022 conference talk. Explore the OWASP Top 10 application vulnerabilities and their relevance to Go development. Discover how to adopt a secure mindset, handle user input safely, and prevent various types of injections, including SQL injection and XSS. Understand the differences between encoding and encryption, learn about TLS handshakes, and explore best practices for hashing and encryption. Dive into supply chain security, famous attacks, and the importance of vetting third-party libraries. Gain practical insights to proactively enhance the security of your Go applications and protect against potential threats.
Syllabus
Introduction
Have a secure mindset
What is user input
Injections
Iterable IDs
Universally Unique Identifier
SQL Injection
Making Friends
Login Bypass
Valid Login
Unsafe File Upload
More Slides
Reflecting XSS
More vulnerabilities
Encoding vs Encryption
face bomb
encrypted gopher
encryption
TLS handshake
What can you do
Best Practices
hashing vs encryption
argon2id
OWASP
Supply chain
Famous attacks
Third-party libraries
Linus
Verified Unverified
Recap
Be Proactive
Conclusion
Taught by
Gopher Academy