Infosec research and app security
Aaron Hnatiw joined the show to talk about being a security researcher, teaching application security with Go, and a deep dive on how engineers and developers can get started with infosec. Plus: white hat, black hat, red team, blue team…Aaron sorts it all out for us.
Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!
Sponsors:
- Linode – Our cloud server of choice. Get one of the fastest, most efficient SSD cloud servers for only $5/mo. Use the code
changelog2017to get 4 months free! - Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform.
Featuring:
- Aaron Hnatiw – Twitter, GitHub
- Erik St. Martin – Twitter, GitHub
- Carlisia Thompson – Twitter, GitHub, LinkedIn
- Brian Ketelsen – Twitter, GitHub
Show Notes:
Aaron blessed us with a veritable slew of links to help Go developers level up their security game:
Race-The-Web (Also check out the accompanying practice site)
Go-fuzz (Check out their trophies section)
OWASP Top 10: (Counterpoint - Vulnerabilities beyond the OWASP Top 10)
SSRF as a Service: Mitigating a Design-Level Software Security Vulnerability
Interesting Go Projects and News
Fencing off Go Applied - A Practical Look at a Go Research Paper
Free Software Friday!
Each week on the show we give a shout out to an open source project or community (or maintainer) that’s made an impact in our day to day developer lives.
Erik - K8GUARD (The guardian angel for Kubernetes)
Carlisia - Goman
Brian - WSLtty
Aaron - Visual Studio Code (with the Go plugin, of course)
Something missing or broken? PRs welcome!
