Infosec research and app security

Aaron Hnatiw joined the show to talk about being a security researcher, teaching application security with Go, and a deep dive on how engineers and developers can get started with infosec. Plus: white hat, black hat, red team, blue team…Aaron sorts it all out for us.

Discuss on Changelog News

Changelog++ members support our work, get closer to the metal, and make the ads disappear. Join today!


  • Linode – Our cloud server of choice. Get one of the fastest, most efficient SSD cloud servers for only $5/mo. Use the code changelog2017 to get 4 months free!
  • Fastly – Our bandwidth partner. Fastly powers fast, secure, and scalable digital experiences. Move beyond your content delivery network to their powerful edge cloud platform.


Notes and Links

Aaron blessed us with a veritable slew of links to help Go developers level up their security game:

Go Meta Linter

Go AST Scanner


Race-The-Web (Also check out the accompanying practice site)

Go-fuzz (Check out their trophies section)





OWASP Top 10: (Counterpoint - Vulnerabilities beyond the OWASP Top 10)

SSRF as a Service: Mitigating a Design-Level Software Security Vulnerability

Interesting Go Projects and News

Fencing off Go Applied - A Practical Look at a Go Research Paper

Go 1.9 Release Notes

GoRef (v. similar to trace)

Free Software Friday!

Each week on the show we give a shout out to an open source project or community (or maintainer) that’s made an impact in our day to day developer lives.

Erik - K8GUARD (The guardian angel for Kubernetes)

Carlisia - Goman

Brian - WSLtty

Aaron - Visual Studio Code (with the Go plugin, of course)

Something missing or broken? PRs welcome!

1 week, 2 days ago 0
Login to Add New Comment
No comments have been posted yet, be the first one to comment.