awesome-golang-security

Security resources

A curated collection of resources and tools to help developers secure their Go-based applications and services.

Awesome Golang Security resources


awesome-list, golang, security, security-tools, static-analysis

Tools / Web Framework Hardening

nosurf 1,603 10 months ago CSRF protection middleware for Go
gorilla/csrf 1,062 11 months ago Provides Cross-Site Request Forgery (CSRF) prevention middleware for Go web applications & services
gorilla/securecookie 701 about 1 year ago Encodes and decodes authenticated and optionally encrypted cookie values for Go web applications
secure 2,288 3 months ago Secure is an HTTP middleware for Go that facilitates most of your security needs for web applications
unindexed 28 about 3 years ago A drop-in replacement for which disables directory indexing
beego-security-headers 7 about 6 years ago beego framework filter for easy security headers management

Tools / Libraries

paseto 865 almost 2 years ago Platform-Agnostic Security Tokens implementation in Go (Golang)
hsts 22 4 months ago Go HTTP Strict Transport Security library
jwt-go 10,790 about 3 years ago Golang implementation of JSON Web Tokens (JWT)
httprobe 2,902 7 months ago Take a list of domains and probe for working HTTP and HTTPS servers

Tools / Static Code Analysis

safesql 564 over 3 years ago Static analysis tool for Golang that protects against SQL injections. It does not seem to be actively maintained at the moment
gosec 7,894 about 1 month ago Inspects source code for security problems by scanning the Go AST and matching it with a set of rules. Comes bundled in a Docker container
gometalinter 3,505 almost 6 years ago Concurrently runs most of the existing go linters and normalizes their output
CodeQL A tool that lets you query your code like data, in order to find vulnerabilities and bugs. See also for pull request integration and running queries in the cloud
ChainJacking 56 over 2 years ago Find which of your direct GitHub dependencies in Go are susceptible to a ChainJacking attack

Tools / Vulnerabilities and Security Advisories

golang-announce The golang release mailing list. Language-specific security issues are announced here
GoCenter Security and - Free vulnerability data around Go Modules
snyk Vulnerability DB Commercial but free listing of known vulnerabilities in libraries
Common Vulnerabilities and Exposures Vulnerabilities that were assigned a CVE. Covers the language and packages
National Vulnerability Database Golang known vulnerabilities in the National Vulnerability Database

Tools / Private Key Infrastructure

CloudFlare SSL 8,812 3 months ago CFSSL is CloudFlare's PKI/TLS swiss army knife. It is both a command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates

Educational / Hacking Playground

govwa 175 6 months ago A vulnerable golang application including the most common vulnerabilities found in web applications today
Lambhack 94 over 5 years ago A very vulnerable serverless application in AWS Lambda

Educational / Articles, Guides & Talks

gosea Go Secure Example Application (GOSEA)
Go - Secure Coding Practices by OWASP - [PDF] Talk given by Sulhaedir at the OWASP Jakarta meetup
OWASP Go - Secure Coding Practices 4,881 8 months ago by Checkmarx - Go programming language secure coding practices guide
Memory Security in golang Handling data securely in memory
A Go Programmer's Guide to Secure Connections [Video] GopherCon 2018, Liz Rice
golang-tls 1,271 about 4 years ago Simple Golang HTTPS/TLS Examples
Hacking with Go 1,807 almost 5 years ago Hacking with Go for security professionals
ReDoS in Go by Checkmarx - Diving Deep into Regular Expression Denial of Service (ReDoS) in Go
Attacking Go: A detailed description of security assessment techniques for Go projects

Other / Reporting Bugs

Go Security Policy
